RE: [GOLUM] RE: [Samba] pdbedit not working as documented
Thanks everyone for your lack of any response whatsoever, I find it builds character to be ignored throughout challenges I encounter in my life. Since I was unable to explain why Samba is predisposed to a range of SID for all accounts, the client who was interested in keeping his Linux/Samba solution will be migrating to Window 2003. I hope that feels as bad, deep in your stomach, as it does mine! Thanks for nothing. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John McLoskey Sent: Tuesday, August 09, 2005 3:03 AM To: samba@lists.samba.org; [EMAIL PROTECTED] Subject: [GOLUM] RE: [Samba] pdbedit not working as documented Am I building user_sid internally every time? We seem to ignore -U argument to pdbedit. At line 475 of samba-3.0.14a/source/utils/pdbedit.c; if (user_sid) { DOM_SID u_sid; if (!string_to_sid(u_sid, user_sid)) { /* not a complete sid, may be a RID, try building a SID */ int u_rid; if (sscanf(user_sid, %d, u_rid) != 1) { fprintf(stderr, Error passed string is not a complete user SID or RID!\n); return -1; } sid_copy(u_sid, get_global_sam_sid()); sid_append_rid(u_sid, u_rid); } pdb_set_user_sid (sam_pwent, u_sid, PDB_CHANGED); } if (group_sid) { DOM_SID g_sid; if (!string_to_sid(g_sid, group_sid)) { /* not a complete sid, may be a RID, try building a SID */ int g_rid; if (sscanf(group_sid, %d, g_rid) != 1) { fprintf(stderr, Error passed string is not a complete group SID or RID!\n); return -1; } sid_copy(g_sid, get_global_sam_sid()); sid_append_rid(g_sid, g_rid); } pdb_set_group_sid (sam_pwent, g_sid, PDB_CHANGED); } -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John McLoskey Sent: Tuesday, August 09, 2005 12:46 AM To: samba@lists.samba.org Subject: RE: [Samba] pdbedit not working as documented Modifying account has same behavior; smbsvr# pdbedit -r test1 -U S-1-5-21-1375268081-527015025-691025275-3010 Unix username:test1 NT username: Account Flags:[U ] User SID: S-1-5-21-1375268081-527015025-691025275-3008 Primary Group SID:S-1-5-21-1375268081-527015025-691025275-3009 Full Name:User Home Directory: \\smbsvr\home\test1 HomeDir Drive:H: Logon Script: Profile Path: \\smbsvr\home\test1\profile Domain: WORKGROUP Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Mon, 18 Jan 2038 21:14:07 UTC Kickoff time: Mon, 18 Jan 2038 21:14:07 UTC Password last set:Tue, 09 Aug 2005 04:53:13 UTC Password can change: Tue, 09 Aug 2005 04:53:13 UTC Password must change: Mon, 18 Jan 2038 21:14:07 UTC Last bad password : 0 Bad password count : 0 Logon hours : FF -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John McLoskey Sent: Monday, August 08, 2005 11:55 PM To: samba@lists.samba.org Subject: [Samba] pdbedit not working as documented I have am hitting a wall with pdbedit, as shown below. Any workarounds would be greatly appreciated. I am encountering the inability to change any users (profile) SID on Samba 3.x for Linux and BSD, which causes the accounts to no longer recognize their local Samba 2 profiles once they join Samba 3 domain. If I add a new user and pdbedit -a user -U SID it ignores the -U. The old profiles appear on the Windows clients as unknown profile. The problem is that the profiles are inaccessible. If I man pdbedit, it clearly states the ability to; smbsvr# man pdbedit ... -G SID|rid This option can be used while adding or modifying a user ac- count. It will specify the users' new primary group SID (Securi- ty Identifier) or rid. Example: -G S-1-5-21-2447931902-1787058256-3961074038-1201 -U SID|rid This option can be used while adding or modifying a user ac- count. It will specify the users' new SID (Security Identifier) or rid. Example: -U S-1-5-21-2447931902-1787058256-3961074038-5004 Last login: Mon Aug 8 22:00:37 2005 from 192.168.1.101 Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD 5.4-RELEASE (GENERIC) #0: Sun
RE: [Samba] pdbedit not working as documented
Am I building user_sid internally every time? We seem to ignore -U argument to pdbedit. At line 475 of samba-3.0.14a/source/utils/pdbedit.c; if (user_sid) { DOM_SID u_sid; if (!string_to_sid(u_sid, user_sid)) { /* not a complete sid, may be a RID, try building a SID */ int u_rid; if (sscanf(user_sid, %d, u_rid) != 1) { fprintf(stderr, Error passed string is not a complete user SID or RID!\n); return -1; } sid_copy(u_sid, get_global_sam_sid()); sid_append_rid(u_sid, u_rid); } pdb_set_user_sid (sam_pwent, u_sid, PDB_CHANGED); } if (group_sid) { DOM_SID g_sid; if (!string_to_sid(g_sid, group_sid)) { /* not a complete sid, may be a RID, try building a SID */ int g_rid; if (sscanf(group_sid, %d, g_rid) != 1) { fprintf(stderr, Error passed string is not a complete group SID or RID!\n); return -1; } sid_copy(g_sid, get_global_sam_sid()); sid_append_rid(g_sid, g_rid); } pdb_set_group_sid (sam_pwent, g_sid, PDB_CHANGED); } -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John McLoskey Sent: Tuesday, August 09, 2005 12:46 AM To: samba@lists.samba.org Subject: RE: [Samba] pdbedit not working as documented Modifying account has same behavior; smbsvr# pdbedit -r test1 -U S-1-5-21-1375268081-527015025-691025275-3010 Unix username:test1 NT username: Account Flags:[U ] User SID: S-1-5-21-1375268081-527015025-691025275-3008 Primary Group SID:S-1-5-21-1375268081-527015025-691025275-3009 Full Name:User Home Directory: \\smbsvr\home\test1 HomeDir Drive:H: Logon Script: Profile Path: \\smbsvr\home\test1\profile Domain: WORKGROUP Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Mon, 18 Jan 2038 21:14:07 UTC Kickoff time: Mon, 18 Jan 2038 21:14:07 UTC Password last set:Tue, 09 Aug 2005 04:53:13 UTC Password can change: Tue, 09 Aug 2005 04:53:13 UTC Password must change: Mon, 18 Jan 2038 21:14:07 UTC Last bad password : 0 Bad password count : 0 Logon hours : FF -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John McLoskey Sent: Monday, August 08, 2005 11:55 PM To: samba@lists.samba.org Subject: [Samba] pdbedit not working as documented I have am hitting a wall with pdbedit, as shown below. Any workarounds would be greatly appreciated. I am encountering the inability to change any users (profile) SID on Samba 3.x for Linux and BSD, which causes the accounts to no longer recognize their local Samba 2 profiles once they join Samba 3 domain. If I add a new user and pdbedit -a user -U SID it ignores the -U. The old profiles appear on the Windows clients as unknown profile. The problem is that the profiles are inaccessible. If I man pdbedit, it clearly states the ability to; smbsvr# man pdbedit ... -G SID|rid This option can be used while adding or modifying a user ac- count. It will specify the users' new primary group SID (Securi- ty Identifier) or rid. Example: -G S-1-5-21-2447931902-1787058256-3961074038-1201 -U SID|rid This option can be used while adding or modifying a user ac- count. It will specify the users' new SID (Security Identifier) or rid. Example: -U S-1-5-21-2447931902-1787058256-3961074038-5004 Last login: Mon Aug 8 22:00:37 2005 from 192.168.1.101 Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD 5.4-RELEASE (GENERIC) #0: Sun May 8 10:21:06 UTC 2005 smbsvr# pdbedit -V Version 3.0.12 smbsvr# pdbedit -r Administrator Unix username:Administrator NT username: Account Flags:[U ] User SID: S-1-5-21-1375268081-527015025-691025275-3006 Primary Group SID:S-1-5-21-1375268081-527015025-691025275-3007 Full Name:User Home Directory: \\smbsvr\home\Administrator HomeDir Drive:H: Logon Script: Profile Path: \\smbsvr\home\Administrator\profile Domain: WORKGROUP Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Mon, 18 Jan 2038 21:14:07 UTC Kickoff time: Mon, 18 Jan 2038
[Samba] pdbedit not working as documented
I have am hitting a wall with pdbedit, as shown below. Any workarounds would be greatly appreciated. I am encountering the inability to change any users (profile) SID on Samba 3.x for Linux and BSD, which causes the accounts to no longer recognize their local Samba 2 profiles once they join Samba 3 domain. If I add a new user and pdbedit -a user -U SID it ignores the -U. The old profiles appear on the Windows clients as unknown profile. The problem is that the profiles are inaccessible. If I man pdbedit, it clearly states the ability to; smbsvr# man pdbedit ... -G SID|rid This option can be used while adding or modifying a user ac- count. It will specify the users' new primary group SID (Securi- ty Identifier) or rid. Example: -G S-1-5-21-2447931902-1787058256-3961074038-1201 -U SID|rid This option can be used while adding or modifying a user ac- count. It will specify the users' new SID (Security Identifier) or rid. Example: -U S-1-5-21-2447931902-1787058256-3961074038-5004 Last login: Mon Aug 8 22:00:37 2005 from 192.168.1.101 Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD 5.4-RELEASE (GENERIC) #0: Sun May 8 10:21:06 UTC 2005 smbsvr# pdbedit -V Version 3.0.12 smbsvr# pdbedit -r Administrator Unix username:Administrator NT username: Account Flags:[U ] User SID: S-1-5-21-1375268081-527015025-691025275-3006 Primary Group SID:S-1-5-21-1375268081-527015025-691025275-3007 Full Name:User Home Directory: \\smbsvr\home\Administrator HomeDir Drive:H: Logon Script: Profile Path: \\smbsvr\home\Administrator\profile Domain: WORKGROUP Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Mon, 18 Jan 2038 21:14:07 UTC Kickoff time: Mon, 18 Jan 2038 21:14:07 UTC Password last set:Mon, 08 Aug 2005 21:39:22 UTC Password can change: Mon, 08 Aug 2005 21:39:22 UTC Password must change: Mon, 18 Jan 2038 21:14:07 UTC Last bad password : 0 Bad password count : 0 Logon hours : FF smbsvr# pdbedit -u Administrator -U S-1-5-21-1375268081-527015025-691025275-3007 Administrator:1003:User smbsvr# pdbedit -r Administrator Unix username:Administrator NT username: Account Flags:[U ] User SID: S-1-5-21-1375268081-527015025-691025275-3006 Primary Group SID:S-1-5-21-1375268081-527015025-691025275-3007 Full Name:User Home Directory: \\smbsvr\home\Administrator HomeDir Drive:H: Logon Script: Profile Path: \\smbsvr\home\Administrator\profile Domain: WORKGROUP Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Mon, 18 Jan 2038 21:14:07 UTC Kickoff time: Mon, 18 Jan 2038 21:14:07 UTC Password last set:Mon, 08 Aug 2005 21:39:22 UTC Password can change: Mon, 08 Aug 2005 21:39:22 UTC Password must change: Mon, 18 Jan 2038 21:14:07 UTC Last bad password : 0 Bad password count : 0 Logon hours : FF smbsvr# adduser Username: test1 Full name: Uid (Leave empty for default): Login group [test1]: Login group is test1. Invite test1 into other groups? []: Login class [default]: Shell (sh csh tcsh nologin) [sh]: Home directory [/home/test1]: Use password-based authentication? [yes]: Use an empty password? (yes/no) [no]: Use a random password? (yes/no) [no]: Enter password: Enter password again: Lock out the account after creation? [no]: Username : test1 Password : * Full Name : Uid: 1004 Class : Groups : test1 Home : /home/test1 Shell : /bin/sh Locked : no OK? (yes/no): yes adduser: INFO: Successfully added (test1) to the user database. Add another user? (yes/no): no Goodbye! smbsvr# smbsvr# smbsvr# pdbedit -a test1 -U S-1-5-21-1375268081-527015025-691025275-5000 new password: retype new password: Unix username:test1 NT username: Account Flags:[U ] User SID: S-1-5-21-1375268081-527015025-691025275-3008 Primary Group SID:S-1-5-21-1375268081-527015025-691025275-3009 Full Name:User Home Directory: \\smbsvr\home\pdigm\test1 HomeDir Drive:H: Logon Script: Profile Path: \\smbsvr\home\pdigm\test1\profile Domain: WORKGROUP Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Mon, 18 Jan 2038 21:14:07 UTC Kickoff time: Mon, 18 Jan 2038 21:14:07 UTC Password last set:Tue, 09 Aug 2005 04:53:13 UTC Password can change: Tue, 09 Aug 2005 04:53:13 UTC Password must change: Mon, 18 Jan 2038 21:14:07 UTC Last bad password : 0 Bad password count : 0 Logon hours :
RE: [Samba] pdbedit not working as documented
Modifying account has same behavior; smbsvr# pdbedit -r test1 -U S-1-5-21-1375268081-527015025-691025275-3010 Unix username:test1 NT username: Account Flags:[U ] User SID: S-1-5-21-1375268081-527015025-691025275-3008 Primary Group SID:S-1-5-21-1375268081-527015025-691025275-3009 Full Name:User Home Directory: \\smbsvr\home\test1 HomeDir Drive:H: Logon Script: Profile Path: \\smbsvr\home\test1\profile Domain: WORKGROUP Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Mon, 18 Jan 2038 21:14:07 UTC Kickoff time: Mon, 18 Jan 2038 21:14:07 UTC Password last set:Tue, 09 Aug 2005 04:53:13 UTC Password can change: Tue, 09 Aug 2005 04:53:13 UTC Password must change: Mon, 18 Jan 2038 21:14:07 UTC Last bad password : 0 Bad password count : 0 Logon hours : FF -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John McLoskey Sent: Monday, August 08, 2005 11:55 PM To: samba@lists.samba.org Subject: [Samba] pdbedit not working as documented I have am hitting a wall with pdbedit, as shown below. Any workarounds would be greatly appreciated. I am encountering the inability to change any users (profile) SID on Samba 3.x for Linux and BSD, which causes the accounts to no longer recognize their local Samba 2 profiles once they join Samba 3 domain. If I add a new user and pdbedit -a user -U SID it ignores the -U. The old profiles appear on the Windows clients as unknown profile. The problem is that the profiles are inaccessible. If I man pdbedit, it clearly states the ability to; smbsvr# man pdbedit ... -G SID|rid This option can be used while adding or modifying a user ac- count. It will specify the users' new primary group SID (Securi- ty Identifier) or rid. Example: -G S-1-5-21-2447931902-1787058256-3961074038-1201 -U SID|rid This option can be used while adding or modifying a user ac- count. It will specify the users' new SID (Security Identifier) or rid. Example: -U S-1-5-21-2447931902-1787058256-3961074038-5004 Last login: Mon Aug 8 22:00:37 2005 from 192.168.1.101 Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD 5.4-RELEASE (GENERIC) #0: Sun May 8 10:21:06 UTC 2005 smbsvr# pdbedit -V Version 3.0.12 smbsvr# pdbedit -r Administrator Unix username:Administrator NT username: Account Flags:[U ] User SID: S-1-5-21-1375268081-527015025-691025275-3006 Primary Group SID:S-1-5-21-1375268081-527015025-691025275-3007 Full Name:User Home Directory: \\smbsvr\home\Administrator HomeDir Drive:H: Logon Script: Profile Path: \\smbsvr\home\Administrator\profile Domain: WORKGROUP Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Mon, 18 Jan 2038 21:14:07 UTC Kickoff time: Mon, 18 Jan 2038 21:14:07 UTC Password last set:Mon, 08 Aug 2005 21:39:22 UTC Password can change: Mon, 08 Aug 2005 21:39:22 UTC Password must change: Mon, 18 Jan 2038 21:14:07 UTC Last bad password : 0 Bad password count : 0 Logon hours : FF smbsvr# pdbedit -u Administrator -U S-1-5-21-1375268081-527015025-691025275-3007 Administrator:1003:User smbsvr# pdbedit -r Administrator Unix username:Administrator NT username: Account Flags:[U ] User SID: S-1-5-21-1375268081-527015025-691025275-3006 Primary Group SID:S-1-5-21-1375268081-527015025-691025275-3007 Full Name:User Home Directory: \\smbsvr\home\Administrator HomeDir Drive:H: Logon Script: Profile Path: \\smbsvr\home\Administrator\profile Domain: WORKGROUP Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Mon, 18 Jan 2038 21:14:07 UTC Kickoff time: Mon, 18 Jan 2038 21:14:07 UTC Password last set:Mon, 08 Aug 2005 21:39:22 UTC Password can change: Mon, 08 Aug 2005 21:39:22 UTC Password must change: Mon, 18 Jan 2038 21:14:07 UTC Last bad password : 0 Bad password count : 0 Logon hours : FF smbsvr# adduser Username: test1 Full name: Uid (Leave empty for default): Login group [test1]: Login group is test1. Invite test1 into other groups? []: Login class [default]: Shell (sh csh tcsh nologin) [sh]: Home directory [/home/test1]: Use password-based authentication? [yes]: Use an empty password? (yes/no) [no]: Use a random password? (yes/no) [no]: Enter password: Enter password again: Lock out the account after creation? [no]: Username : test1 Password : * Full Name : Uid