113113 – Samba sids do not maintain

Bug 113113 - Samba sids do not maintain

Summary: Samba sids do not maintain

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Red Hat Enterprise Linux 3
Classification:	Red Hat
Component:	samba
Sub Component:
Version:	3.0
Hardware:	i386
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Simo Sorce
QA Contact:	David Lawrence
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2004-01-08 16:07 UTC by Andrew Judge
Modified:	2007-11-30 22:07 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2007-05-03 17:34:29 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Andrew Judge 2004-01-08 16:07:12 UTC

Description of problem:
Sids are not maintained according to net setlocalsid for upgrades- 
therefore massive problem with windows.

[root@fire2 root]# net getlocalsid
SID for domain FPICSRV is: S-1-5-21-1206063004-3966108128-1487570950
[root@fire2 root]# service smb stop
Shutting down SMB services:                                [  OK  ]
Shutting down NMB services:                                [  OK  ]
[root@fire2 root]# rm -f /var/cache/samba/group_mapping.tdb
[root@fire2 root]# service smb start
Starting SMB services:                                     [  OK  ]
Starting NMB services:                                     [  OK  ]
[root@fire2 root]# net groupmap list
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Guests (S-1-5-21-3168668608-3928139368-1822977481-514) -> -1
Domain Admins (S-1-5-21-3168668608-3928139368-1822977481-512) -> -1
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Account Operators (S-1-5-32-548) -> -1
Domain Users (S-1-5-21-3168668608-3928139368-1822977481-513) -> -1
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1
[root@fire2 root]# net getlocalsid
SID for domain FPICSRV is: S-1-5-21-1206063004-3966108128-1487570950


Version-Release number of selected component (if applicable):

es v.3 
How reproducible:
like clockwork

Steps to Reproduce:
1. as above
2.
3.
  
Actual results:
[root@fire2 root]# net getlocalsid
SID for domain FPICSRV is: S-1-5-21-1206063004-3966108128-1487570950
[root@fire2 root]# service smb stop
Shutting down SMB services:                                [  OK  ]
Shutting down NMB services:                                [  OK  ]
[root@fire2 root]# rm -f /var/cache/samba/group_mapping.tdb
[root@fire2 root]# service smb start
Starting SMB services:                                     [  OK  ]
Starting NMB services:                                     [  OK  ]
[root@fire2 root]# net groupmap list
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Guests (S-1-5-21-3168668608-3928139368-1822977481-514) -> -1
Domain Admins (S-1-5-21-3168668608-3928139368-1822977481-512) -> -1
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Account Operators (S-1-5-32-548) -> -1
Domain Users (S-1-5-21-3168668608-3928139368-1822977481-513) -> -1
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1
[root@fire2 root]# net getlocalsid
SID for domain FPICSRV is: S-1-5-21-1206063004-3966108128-1487570950


Expected results:

to have the same user sid as the domain sid
Additional info:

What a nightmare!!!

Comment 1 Simo Sorce 2007-05-03 17:34:29 UTC

net getlocalsid fetches the local sid not the domain sid.
to fetch the domain sid you have to use net getdomainsid

By default samba never change the SID on upgrades, provided you don't delete
/etc/samba/secrets.tdb or you change the server name (the SID is relative to the
server name).

This seem just a configuration issue, please if you still have problems reopen
the bug and post your smb.conf

Note You need to log in before you can comment on or make changes to this bug.