I try to set up Samba 2.2.4 / LDAP as a PDC and it almost works. The only thing I don't understand is why a domain user can't have a primaryGroupID of 513 (which looks like it should be a safe default). But if I set it, login is denied with an error C0000078 on the client, and something like
[2002/06/03 10:32:28, 3] smbd/sec_ctx.c:set_sec_ctx(314) setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0 [2002/06/03 10:32:28, 3] smbd/sec_ctx.c:set_sec_ctx(319) 1 user groups: 65534 (i.e. nobody/nogroup) on the server. If I set primaryGroupId to any sufficienly random number (like 51223), login works as expected [2002/06/03 10:42:32, 3] smbd/sec_ctx.c:set_sec_ctx(314) setting sec ctx (2001, 100) - sec_ctx_stack_ndx = 0 [2002/06/03 10:42:32, 3] smbd/sec_ctx.c:set_sec_ctx(319) 1 user groups: 100 In addition, in the case of a successful login, the second transaction in the log file performs a "switch message SMBsesssetupX (pid 7865)", the C0000078 logins have a "switch message SMBtrans" in this position. This is slightly puzzling. Yours, Florian Hars. PS: isn't there a return(True) missing in uid.c/change_to_user: if((lp_security() == SEC_SHARE) && (current_user.conn == conn) && (current_user.uid == conn->uid)) { DEBUG(4,("change_to_user: Skipping user change - already user\n")); return(True); } else if ((current_user.conn == conn) && (vuser != 0) && (current_user.vuid == vuid) && (current_user.uid == vuser->uid)) { DEBUG(4,("change_to_user: Skipping user change - already user\n")); /************** HERE ??? ***************************/ } -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba