RE: [GOLUM] RE: [Samba] pdbedit not working as documented
Thanks everyone for your lack of any response whatsoever, I find it builds
character to be ignored throughout challenges I encounter in my life. Since
I was unable to explain why Samba is predisposed to a range of SID for all
accounts, the client who was interested in keeping his Linux/Samba solution
will be migrating to Window 2003. I hope that feels as bad, deep in your
stomach, as it does mine! Thanks for nothing.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
John McLoskey
Sent: Tuesday, August 09, 2005 3:03 AM
To: samba@lists.samba.org; [EMAIL PROTECTED]
Subject: [GOLUM] RE: [Samba] pdbedit not working as documented
Am I building user_sid internally every time?
We seem to ignore -U argument to pdbedit.
At line 475 of samba-3.0.14a/source/utils/pdbedit.c;
if (user_sid) {
DOM_SID u_sid;
if (!string_to_sid(u_sid, user_sid)) {
/* not a complete sid, may be a RID, try building a
SID */
int u_rid;
if (sscanf(user_sid, %d, u_rid) != 1) {
fprintf(stderr, Error passed string is not
a complete user SID or RID!\n);
return -1;
}
sid_copy(u_sid, get_global_sam_sid());
sid_append_rid(u_sid, u_rid);
}
pdb_set_user_sid (sam_pwent, u_sid, PDB_CHANGED);
}
if (group_sid) {
DOM_SID g_sid;
if (!string_to_sid(g_sid, group_sid)) {
/* not a complete sid, may be a RID, try building a
SID */
int g_rid;
if (sscanf(group_sid, %d, g_rid) != 1) {
fprintf(stderr, Error passed string is not
a complete group SID or RID!\n);
return -1;
}
sid_copy(g_sid, get_global_sam_sid());
sid_append_rid(g_sid, g_rid);
}
pdb_set_group_sid (sam_pwent, g_sid, PDB_CHANGED);
}
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of John McLoskey
Sent: Tuesday, August 09, 2005 12:46 AM
To: samba@lists.samba.org
Subject: RE: [Samba] pdbedit not working as documented
Modifying account has same behavior;
smbsvr# pdbedit -r test1 -U S-1-5-21-1375268081-527015025-691025275-3010
Unix username:test1
NT username:
Account Flags:[U ]
User SID: S-1-5-21-1375268081-527015025-691025275-3008
Primary Group SID:S-1-5-21-1375268081-527015025-691025275-3009
Full Name:User
Home Directory: \\smbsvr\home\test1
HomeDir Drive:H:
Logon Script:
Profile Path: \\smbsvr\home\test1\profile
Domain: WORKGROUP
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Mon, 18 Jan 2038 21:14:07 UTC
Kickoff time: Mon, 18 Jan 2038 21:14:07 UTC
Password last set:Tue, 09 Aug 2005 04:53:13 UTC
Password can change: Tue, 09 Aug 2005 04:53:13 UTC
Password must change: Mon, 18 Jan 2038 21:14:07 UTC
Last bad password : 0
Bad password count : 0
Logon hours : FF
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of John McLoskey
Sent: Monday, August 08, 2005 11:55 PM
To: samba@lists.samba.org
Subject: [Samba] pdbedit not working as documented
I have am hitting a wall with pdbedit, as shown below.
Any workarounds would be greatly appreciated.
I am encountering the inability to change any users (profile) SID on Samba
3.x for Linux and BSD, which causes the accounts to no longer recognize
their local Samba 2 profiles once they join Samba 3 domain. If I add a new
user and pdbedit -a user -U SID it ignores the -U.
The old profiles appear on the Windows clients as unknown profile.
The problem is that the profiles are inaccessible.
If I man pdbedit, it clearly states the ability to;
smbsvr# man pdbedit
...
-G SID|rid
This option can be used while adding or modifying a user
ac-
count. It will specify the users' new primary group SID
(Securi-
ty Identifier) or rid.
Example: -G S-1-5-21-2447931902-1787058256-3961074038-1201
-U SID|rid
This option can be used while adding or modifying a user
ac-
count. It will specify the users' new SID (Security
Identifier)
or rid.
Example: -U S-1-5-21-2447931902-1787058256-3961074038-5004
Last login: Mon Aug 8 22:00:37 2005 from 192.168.1.101
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 5.4-RELEASE (GENERIC) #0: Sun
RE: [Samba] pdbedit not working as documented
Am I building user_sid internally every time?
We seem to ignore -U argument to pdbedit.
At line 475 of samba-3.0.14a/source/utils/pdbedit.c;
if (user_sid) {
DOM_SID u_sid;
if (!string_to_sid(u_sid, user_sid)) {
/* not a complete sid, may be a RID, try building a
SID */
int u_rid;
if (sscanf(user_sid, %d, u_rid) != 1) {
fprintf(stderr, Error passed string is not
a complete user SID or RID!\n);
return -1;
}
sid_copy(u_sid, get_global_sam_sid());
sid_append_rid(u_sid, u_rid);
}
pdb_set_user_sid (sam_pwent, u_sid, PDB_CHANGED);
}
if (group_sid) {
DOM_SID g_sid;
if (!string_to_sid(g_sid, group_sid)) {
/* not a complete sid, may be a RID, try building a
SID */
int g_rid;
if (sscanf(group_sid, %d, g_rid) != 1) {
fprintf(stderr, Error passed string is not
a complete group SID or RID!\n);
return -1;
}
sid_copy(g_sid, get_global_sam_sid());
sid_append_rid(g_sid, g_rid);
}
pdb_set_group_sid (sam_pwent, g_sid, PDB_CHANGED);
}
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of John McLoskey
Sent: Tuesday, August 09, 2005 12:46 AM
To: samba@lists.samba.org
Subject: RE: [Samba] pdbedit not working as documented
Modifying account has same behavior;
smbsvr# pdbedit -r test1 -U S-1-5-21-1375268081-527015025-691025275-3010
Unix username:test1
NT username:
Account Flags:[U ]
User SID: S-1-5-21-1375268081-527015025-691025275-3008
Primary Group SID:S-1-5-21-1375268081-527015025-691025275-3009
Full Name:User
Home Directory: \\smbsvr\home\test1
HomeDir Drive:H:
Logon Script:
Profile Path: \\smbsvr\home\test1\profile
Domain: WORKGROUP
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Mon, 18 Jan 2038 21:14:07 UTC
Kickoff time: Mon, 18 Jan 2038 21:14:07 UTC
Password last set:Tue, 09 Aug 2005 04:53:13 UTC
Password can change: Tue, 09 Aug 2005 04:53:13 UTC
Password must change: Mon, 18 Jan 2038 21:14:07 UTC
Last bad password : 0
Bad password count : 0
Logon hours : FF
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of John McLoskey
Sent: Monday, August 08, 2005 11:55 PM
To: samba@lists.samba.org
Subject: [Samba] pdbedit not working as documented
I have am hitting a wall with pdbedit, as shown below.
Any workarounds would be greatly appreciated.
I am encountering the inability to change any users (profile) SID on Samba
3.x for Linux and BSD, which causes the accounts to no longer recognize
their local Samba 2 profiles once they join Samba 3 domain. If I add a new
user and pdbedit -a user -U SID it ignores the -U.
The old profiles appear on the Windows clients as unknown profile.
The problem is that the profiles are inaccessible.
If I man pdbedit, it clearly states the ability to;
smbsvr# man pdbedit
...
-G SID|rid
This option can be used while adding or modifying a user
ac-
count. It will specify the users' new primary group SID
(Securi-
ty Identifier) or rid.
Example: -G S-1-5-21-2447931902-1787058256-3961074038-1201
-U SID|rid
This option can be used while adding or modifying a user
ac-
count. It will specify the users' new SID (Security
Identifier)
or rid.
Example: -U S-1-5-21-2447931902-1787058256-3961074038-5004
Last login: Mon Aug 8 22:00:37 2005 from 192.168.1.101
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 5.4-RELEASE (GENERIC) #0: Sun May 8 10:21:06 UTC 2005
smbsvr# pdbedit -V
Version 3.0.12
smbsvr# pdbedit -r Administrator
Unix username:Administrator
NT username:
Account Flags:[U ]
User SID: S-1-5-21-1375268081-527015025-691025275-3006
Primary Group SID:S-1-5-21-1375268081-527015025-691025275-3007
Full Name:User
Home Directory: \\smbsvr\home\Administrator
HomeDir Drive:H:
Logon Script:
Profile Path: \\smbsvr\home\Administrator\profile
Domain: WORKGROUP
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Mon, 18 Jan 2038 21:14:07 UTC
Kickoff time: Mon, 18 Jan 2038
[Samba] pdbedit not working as documented
I have am hitting a wall with pdbedit, as shown below. Any workarounds would be greatly appreciated. I am encountering the inability to change any users (profile) SID on Samba 3.x for Linux and BSD, which causes the accounts to no longer recognize their local Samba 2 profiles once they join Samba 3 domain. If I add a new user and pdbedit -a user -U SID it ignores the -U. The old profiles appear on the Windows clients as unknown profile. The problem is that the profiles are inaccessible. If I man pdbedit, it clearly states the ability to; smbsvr# man pdbedit ... -G SID|rid This option can be used while adding or modifying a user ac- count. It will specify the users' new primary group SID (Securi- ty Identifier) or rid. Example: -G S-1-5-21-2447931902-1787058256-3961074038-1201 -U SID|rid This option can be used while adding or modifying a user ac- count. It will specify the users' new SID (Security Identifier) or rid. Example: -U S-1-5-21-2447931902-1787058256-3961074038-5004 Last login: Mon Aug 8 22:00:37 2005 from 192.168.1.101 Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD 5.4-RELEASE (GENERIC) #0: Sun May 8 10:21:06 UTC 2005 smbsvr# pdbedit -V Version 3.0.12 smbsvr# pdbedit -r Administrator Unix username:Administrator NT username: Account Flags:[U ] User SID: S-1-5-21-1375268081-527015025-691025275-3006 Primary Group SID:S-1-5-21-1375268081-527015025-691025275-3007 Full Name:User Home Directory: \\smbsvr\home\Administrator HomeDir Drive:H: Logon Script: Profile Path: \\smbsvr\home\Administrator\profile Domain: WORKGROUP Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Mon, 18 Jan 2038 21:14:07 UTC Kickoff time: Mon, 18 Jan 2038 21:14:07 UTC Password last set:Mon, 08 Aug 2005 21:39:22 UTC Password can change: Mon, 08 Aug 2005 21:39:22 UTC Password must change: Mon, 18 Jan 2038 21:14:07 UTC Last bad password : 0 Bad password count : 0 Logon hours : FF smbsvr# pdbedit -u Administrator -U S-1-5-21-1375268081-527015025-691025275-3007 Administrator:1003:User smbsvr# pdbedit -r Administrator Unix username:Administrator NT username: Account Flags:[U ] User SID: S-1-5-21-1375268081-527015025-691025275-3006 Primary Group SID:S-1-5-21-1375268081-527015025-691025275-3007 Full Name:User Home Directory: \\smbsvr\home\Administrator HomeDir Drive:H: Logon Script: Profile Path: \\smbsvr\home\Administrator\profile Domain: WORKGROUP Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Mon, 18 Jan 2038 21:14:07 UTC Kickoff time: Mon, 18 Jan 2038 21:14:07 UTC Password last set:Mon, 08 Aug 2005 21:39:22 UTC Password can change: Mon, 08 Aug 2005 21:39:22 UTC Password must change: Mon, 18 Jan 2038 21:14:07 UTC Last bad password : 0 Bad password count : 0 Logon hours : FF smbsvr# adduser Username: test1 Full name: Uid (Leave empty for default): Login group [test1]: Login group is test1. Invite test1 into other groups? []: Login class [default]: Shell (sh csh tcsh nologin) [sh]: Home directory [/home/test1]: Use password-based authentication? [yes]: Use an empty password? (yes/no) [no]: Use a random password? (yes/no) [no]: Enter password: Enter password again: Lock out the account after creation? [no]: Username : test1 Password : * Full Name : Uid: 1004 Class : Groups : test1 Home : /home/test1 Shell : /bin/sh Locked : no OK? (yes/no): yes adduser: INFO: Successfully added (test1) to the user database. Add another user? (yes/no): no Goodbye! smbsvr# smbsvr# smbsvr# pdbedit -a test1 -U S-1-5-21-1375268081-527015025-691025275-5000 new password: retype new password: Unix username:test1 NT username: Account Flags:[U ] User SID: S-1-5-21-1375268081-527015025-691025275-3008 Primary Group SID:S-1-5-21-1375268081-527015025-691025275-3009 Full Name:User Home Directory: \\smbsvr\home\pdigm\test1 HomeDir Drive:H: Logon Script: Profile Path: \\smbsvr\home\pdigm\test1\profile Domain: WORKGROUP Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Mon, 18 Jan 2038 21:14:07 UTC Kickoff time: Mon, 18 Jan 2038 21:14:07 UTC Password last set:Tue, 09 Aug 2005 04:53:13 UTC Password can change: Tue, 09 Aug 2005 04:53:13 UTC Password must change: Mon, 18 Jan 2038 21:14:07 UTC Last bad password : 0 Bad password count : 0 Logon hours :
RE: [Samba] pdbedit not working as documented
Modifying account has same behavior; smbsvr# pdbedit -r test1 -U S-1-5-21-1375268081-527015025-691025275-3010 Unix username:test1 NT username: Account Flags:[U ] User SID: S-1-5-21-1375268081-527015025-691025275-3008 Primary Group SID:S-1-5-21-1375268081-527015025-691025275-3009 Full Name:User Home Directory: \\smbsvr\home\test1 HomeDir Drive:H: Logon Script: Profile Path: \\smbsvr\home\test1\profile Domain: WORKGROUP Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Mon, 18 Jan 2038 21:14:07 UTC Kickoff time: Mon, 18 Jan 2038 21:14:07 UTC Password last set:Tue, 09 Aug 2005 04:53:13 UTC Password can change: Tue, 09 Aug 2005 04:53:13 UTC Password must change: Mon, 18 Jan 2038 21:14:07 UTC Last bad password : 0 Bad password count : 0 Logon hours : FF -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John McLoskey Sent: Monday, August 08, 2005 11:55 PM To: samba@lists.samba.org Subject: [Samba] pdbedit not working as documented I have am hitting a wall with pdbedit, as shown below. Any workarounds would be greatly appreciated. I am encountering the inability to change any users (profile) SID on Samba 3.x for Linux and BSD, which causes the accounts to no longer recognize their local Samba 2 profiles once they join Samba 3 domain. If I add a new user and pdbedit -a user -U SID it ignores the -U. The old profiles appear on the Windows clients as unknown profile. The problem is that the profiles are inaccessible. If I man pdbedit, it clearly states the ability to; smbsvr# man pdbedit ... -G SID|rid This option can be used while adding or modifying a user ac- count. It will specify the users' new primary group SID (Securi- ty Identifier) or rid. Example: -G S-1-5-21-2447931902-1787058256-3961074038-1201 -U SID|rid This option can be used while adding or modifying a user ac- count. It will specify the users' new SID (Security Identifier) or rid. Example: -U S-1-5-21-2447931902-1787058256-3961074038-5004 Last login: Mon Aug 8 22:00:37 2005 from 192.168.1.101 Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD 5.4-RELEASE (GENERIC) #0: Sun May 8 10:21:06 UTC 2005 smbsvr# pdbedit -V Version 3.0.12 smbsvr# pdbedit -r Administrator Unix username:Administrator NT username: Account Flags:[U ] User SID: S-1-5-21-1375268081-527015025-691025275-3006 Primary Group SID:S-1-5-21-1375268081-527015025-691025275-3007 Full Name:User Home Directory: \\smbsvr\home\Administrator HomeDir Drive:H: Logon Script: Profile Path: \\smbsvr\home\Administrator\profile Domain: WORKGROUP Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Mon, 18 Jan 2038 21:14:07 UTC Kickoff time: Mon, 18 Jan 2038 21:14:07 UTC Password last set:Mon, 08 Aug 2005 21:39:22 UTC Password can change: Mon, 08 Aug 2005 21:39:22 UTC Password must change: Mon, 18 Jan 2038 21:14:07 UTC Last bad password : 0 Bad password count : 0 Logon hours : FF smbsvr# pdbedit -u Administrator -U S-1-5-21-1375268081-527015025-691025275-3007 Administrator:1003:User smbsvr# pdbedit -r Administrator Unix username:Administrator NT username: Account Flags:[U ] User SID: S-1-5-21-1375268081-527015025-691025275-3006 Primary Group SID:S-1-5-21-1375268081-527015025-691025275-3007 Full Name:User Home Directory: \\smbsvr\home\Administrator HomeDir Drive:H: Logon Script: Profile Path: \\smbsvr\home\Administrator\profile Domain: WORKGROUP Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Mon, 18 Jan 2038 21:14:07 UTC Kickoff time: Mon, 18 Jan 2038 21:14:07 UTC Password last set:Mon, 08 Aug 2005 21:39:22 UTC Password can change: Mon, 08 Aug 2005 21:39:22 UTC Password must change: Mon, 18 Jan 2038 21:14:07 UTC Last bad password : 0 Bad password count : 0 Logon hours : FF smbsvr# adduser Username: test1 Full name: Uid (Leave empty for default): Login group [test1]: Login group is test1. Invite test1 into other groups? []: Login class [default]: Shell (sh csh tcsh nologin) [sh]: Home directory [/home/test1]: Use password-based authentication? [yes]: Use an empty password? (yes/no) [no]: Use a random password? (yes/no) [no]: Enter password: Enter password again: Lock out the account after creation? [no]: Username : test1 Password : * Full Name : Uid
