Bug 113113 - Samba sids do not maintain
Samba sids do not maintain
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: samba (Show other bugs)
3.0
i386 Linux
high Severity high
: ---
: ---
Assigned To: Simo Sorce
David Lawrence
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-01-08 11:07 EST by Andrew Judge
Modified: 2007-11-30 17:07 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-05-03 13:34:29 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Andrew Judge 2004-01-08 11:07:12 EST
Description of problem:
Sids are not maintained according to net setlocalsid for upgrades- 
therefore massive problem with windows.

[root@fire2 root]# net getlocalsid
SID for domain FPICSRV is: S-1-5-21-1206063004-3966108128-1487570950
[root@fire2 root]# service smb stop
Shutting down SMB services:                                [  OK  ]
Shutting down NMB services:                                [  OK  ]
[root@fire2 root]# rm -f /var/cache/samba/group_mapping.tdb
[root@fire2 root]# service smb start
Starting SMB services:                                     [  OK  ]
Starting NMB services:                                     [  OK  ]
[root@fire2 root]# net groupmap list
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Guests (S-1-5-21-3168668608-3928139368-1822977481-514) -> -1
Domain Admins (S-1-5-21-3168668608-3928139368-1822977481-512) -> -1
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Account Operators (S-1-5-32-548) -> -1
Domain Users (S-1-5-21-3168668608-3928139368-1822977481-513) -> -1
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1
[root@fire2 root]# net getlocalsid
SID for domain FPICSRV is: S-1-5-21-1206063004-3966108128-1487570950


Version-Release number of selected component (if applicable):

es v.3 
How reproducible:
like clockwork

Steps to Reproduce:
1. as above
2.
3.
  
Actual results:
[root@fire2 root]# net getlocalsid
SID for domain FPICSRV is: S-1-5-21-1206063004-3966108128-1487570950
[root@fire2 root]# service smb stop
Shutting down SMB services:                                [  OK  ]
Shutting down NMB services:                                [  OK  ]
[root@fire2 root]# rm -f /var/cache/samba/group_mapping.tdb
[root@fire2 root]# service smb start
Starting SMB services:                                     [  OK  ]
Starting NMB services:                                     [  OK  ]
[root@fire2 root]# net groupmap list
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Guests (S-1-5-21-3168668608-3928139368-1822977481-514) -> -1
Domain Admins (S-1-5-21-3168668608-3928139368-1822977481-512) -> -1
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Account Operators (S-1-5-32-548) -> -1
Domain Users (S-1-5-21-3168668608-3928139368-1822977481-513) -> -1
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1
[root@fire2 root]# net getlocalsid
SID for domain FPICSRV is: S-1-5-21-1206063004-3966108128-1487570950


Expected results:

to have the same user sid as the domain sid
Additional info:

What a nightmare!!!
Comment 1 Simo Sorce 2007-05-03 13:34:29 EDT
net getlocalsid fetches the local sid not the domain sid.
to fetch the domain sid you have to use net getdomainsid

By default samba never change the SID on upgrades, provided you don't delete
/etc/samba/secrets.tdb or you change the server name (the SID is relative to the
server name).

This seem just a configuration issue, please if you still have problems reopen
the bug and post your smb.conf

Note You need to log in before you can comment on or make changes to this bug.