Bug 113113 – Samba sids do not maintain

Bug 113113 - Samba sids do not maintain

Summary:	Samba sids do not maintain

Status:	CLOSED NOTABUG

Aliases:	None

Product:	Red Hat Enterprise Linux 3
Classification:	Red Hat
Component:	samba (Show other bugs)
Sub Component:
Version:	3.0
Hardware:	i386 Linux

Priority	high Severity high
Target Milestone:	---
Target Release:	---
Assigned To:	Simo Sorce
QA Contact:	David Lawrence
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2004-01-08 11:07 EST by Andrew Judge
Modified:	2007-11-30 17:07 EST (History)
CC List:	1 user (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2007-05-03 13:34:29 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Andrew Judge 2004-01-08 11:07:12 EST

Description of problem:
Sids are not maintained according to net setlocalsid for upgrades- 
therefore massive problem with windows.

[root@fire2 root]# net getlocalsid
SID for domain FPICSRV is: S-1-5-21-1206063004-3966108128-1487570950
[root@fire2 root]# service smb stop
Shutting down SMB services:                                [  OK  ]
Shutting down NMB services:                                [  OK  ]
[root@fire2 root]# rm -f /var/cache/samba/group_mapping.tdb
[root@fire2 root]# service smb start
Starting SMB services:                                     [  OK  ]
Starting NMB services:                                     [  OK  ]
[root@fire2 root]# net groupmap list
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Guests (S-1-5-21-3168668608-3928139368-1822977481-514) -> -1
Domain Admins (S-1-5-21-3168668608-3928139368-1822977481-512) -> -1
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Account Operators (S-1-5-32-548) -> -1
Domain Users (S-1-5-21-3168668608-3928139368-1822977481-513) -> -1
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1
[root@fire2 root]# net getlocalsid
SID for domain FPICSRV is: S-1-5-21-1206063004-3966108128-1487570950


Version-Release number of selected component (if applicable):

es v.3 
How reproducible:
like clockwork

Steps to Reproduce:
1. as above
2.
3.
  
Actual results:
[root@fire2 root]# net getlocalsid
SID for domain FPICSRV is: S-1-5-21-1206063004-3966108128-1487570950
[root@fire2 root]# service smb stop
Shutting down SMB services:                                [  OK  ]
Shutting down NMB services:                                [  OK  ]
[root@fire2 root]# rm -f /var/cache/samba/group_mapping.tdb
[root@fire2 root]# service smb start
Starting SMB services:                                     [  OK  ]
Starting NMB services:                                     [  OK  ]
[root@fire2 root]# net groupmap list
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Guests (S-1-5-21-3168668608-3928139368-1822977481-514) -> -1
Domain Admins (S-1-5-21-3168668608-3928139368-1822977481-512) -> -1
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Account Operators (S-1-5-32-548) -> -1
Domain Users (S-1-5-21-3168668608-3928139368-1822977481-513) -> -1
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1
[root@fire2 root]# net getlocalsid
SID for domain FPICSRV is: S-1-5-21-1206063004-3966108128-1487570950


Expected results:

to have the same user sid as the domain sid
Additional info:

What a nightmare!!!

Comment 1 Simo Sorce 2007-05-03 13:34:29 EDT

net getlocalsid fetches the local sid not the domain sid.
to fetch the domain sid you have to use net getdomainsid

By default samba never change the SID on upgrades, provided you don't delete
/etc/samba/secrets.tdb or you change the server name (the SID is relative to the
server name).

This seem just a configuration issue, please if you still have problems reopen
the bug and post your smb.conf

Note You need to log in before you can comment on or make changes to this bug.