Just for the record, I did find a workaround that seemed to work after looking at the debug files a little more closely.
In the smbusers file (mapping account names to local names), I put in the line DOMAIN\user = user And that seemed to work too. Not really the best solution for me operationally....so.....I'll be working on compiling and installing the patch and let you all know if it works. Thanks for the quick turnaround on the patch. ========================================== M. D. Parker Systems Administrator General Atomics / Electromagnetic Systems +1 858 455 2877 [EMAIL PROTECTED] -----Original Message----- From: Volker Lendecke [mailto:[EMAIL PROTECTED] On Behalf Of Volker Lendecke Sent: Thursday, July 13, 2006 4:01 AM To: M. D. Parker Cc: 'Gerald (Jerry) Carter'; samba@lists.samba.org; [EMAIL PROTECTED] Subject: Re: [Samba] Problem using 2.0.23 client in a domain with a Samba 2.0.20c PDC. On Wed, Jul 12, 2006 at 09:04:22AM -0700, M. D. Parker wrote: > Ok...ok...I'll appologize to the everybody. And yes I do understand > that bugs unreported cannot be fixed, but on a 'beta' you cannot be > very sure that maybe what you built was not quite right. I remember > this because I tried one of the CVS versions for the alpha 3.0.23 and > had the same problem that I have now. However, it was a problem to > build it at that point and again I assummed that it was some issue > that was being addressed in the build process causing the build problem. Build problems are also welcome on [EMAIL PROTECTED] Attached find a patch that should solve your problem. The circumstances are: security=domain, no winbind, and valid users = username. The code to evaluate the valid users line has been restructured to make use of the lookup_name routine to create a central point where arbitrary names are being coverted to SIDs. When winbind is not around, this routine is incomplete in the sense that it does not connect to the domain controller, whereas winbind would. So lookup_name falls back to returning S-1-22-1-<uid>. It is checked whether this SID is part of the user's NT token. Before this happens, we have however assigned the SID the domain controller has returned in the SamLogon reply. This is a S-1-5-21-<a>-<b>-<c>-RID type SID, not the S-1-22-1 one locally defined. The attached patch adds the S-1-22-1-<uid> to the user's token. It is a bit larger than strictly necessary, but the minimum diff size would have made the code a bit clumsy. Volker
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba