Red Hat Bugzilla – Bug 278121
SIDs are not translated on Windows
Last modified: 2007-11-30 17:07:29 EST
Description of problem:
If I select a file or folder on a samba share, select "Properties", and then
"Security", the SIDs will not be translated to usernames.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Log in to Windows computer
2. Right-click on file on samba share
3. Select Properties
4. Select Security
5. Watch SIDs not getting translated to usernames
No translated SIDs
SIDs translated to usernames
samba is running with openldap as backend. On two other servers running RHEL and
samba-3.0.9-1.3E.13.2 this is working.
Created attachment 187201 [details]
Can you reproduce this at will?
If so, can you raise the log level to 10 and send me a log file containing the
captured logs of the moment you try to display SIDs?
Please make sure to either raise the log only for the connected test system smbd
or off hours, as level 10 logs are extremely verbose and will noticeably slow
down your server. Also make sure you increase the permitted log size to avoid
overwriting the log too fast.
I changed log level to 10. Saved. Ran testparm. In Windows I selected a file
modify_all.csv. Selected properties. Selected Security. Closed the window.
Changed loglevel to 1. Ran testparm.
Created attachment 187951 [details]
/var/log/samba/smbd.log at loglevel 10 (gzipped)
Johan, it seems your server is misconfigured.
I just noticed that in smb.conf "security" is set to "password" which is not a
valid value for security.
This makes the server effectively just a standalone server. I think you want
instead to join the server to the PDC, if you have one (the comments imply the
existence of a BDC?).
Also there seems to be some mismatch between the SIDs as seen in ldap, and the
machine SID the server uses.
Can you post the output of net getlocalsid and make sure it matches what you
have configured in your smbldap tools configuration?
I have several servers:
staff, RHEL3 which is also PDC
staff2, RHEL4, which is BDC (will replace staff in the near future). This is the
server which doesn't translate SIDs.
student, RHEL3 which is BDC
They all have samba with openldap as backend. staff is LDAP master with staff2
and student acting as slaves.
All 3 have accounts in the domain. However, the SIDs in the domain are not the
same as the SIDs I get with net getlocalsid:
SID for domain STAFF is: S-1-5-21-136859684-1428773301-1694261885
SID for domain STAFF2 is: S-1-5-21-3644677782-1265879894-3010064441
SID for domain STUDENT is: S-1-5-21-4226488258-4052872194-2219043442
Should I set the localsid so it matches the value in the LDAP? I guess the
localsids were generated before the server joined the domain. But should joining
a domain change the local SID?
A normal member server retains its own SID and just inherits another SAM (the
account database) with its SID from the PDC.
A BDC instead is a special case, you must set the SID to be identical to the one
the PDC has.
Also to be a BDC you need:
security = user
domain master = no
domain logons = yes
Technically speaking a samba BDC does not need to be joined to the domain as it
shares the SAM (via ldap) with the PDC.
SID-to-name lookups seem to be failing because the server fails to resolve the
SID either via winbindd or locally.
I am closing this as a misconfiguration issue.
Please re-open if the issue persists after you have fixed the configuration.
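
An added example, not part of the original bug thread and not Samba's own code: a small Python check of the BDC requirements stated in the comments above (security = user, domain master = no, domain logons = yes, and a local SID identical to the PDC's). The smb.conf fragment is constructed, the SID lines are the ones quoted in the thread, and the function names are hypothetical.

```python
import re

# Constructed smb.conf fragment; "security = password" is the value reported in the thread.
SAMPLE_SMB_CONF = """
[global]
   workgroup = EXAMPLE
   security = password
   Domain Logons = Yes
"""
# `net getlocalsid` lines as quoted in the thread (STAFF is the PDC, STAFF2 the BDC).
PDC_OUTPUT = "SID for domain STAFF is: S-1-5-21-136859684-1428773301-1694261885"
BDC_OUTPUT = "SID for domain STAFF2 is: S-1-5-21-3644677782-1265879894-3010064441"

# [global] settings the thread lists for a Samba BDC.
BDC_REQUIRED = {"security": "user", "domain master": "no", "domain logons": "yes"}
BOOLEANS = {"true": "yes", "1": "yes", "false": "no", "0": "no"}

def parse_localsid(output):
    """Return (name, SID) from a `net getlocalsid` output line."""
    m = re.search(r"SID for domain (\S+) is: (S-1(?:-\d+)+)", output)
    if m is None:
        raise ValueError("no SID in %r" % output)
    return m.group(1), m.group(2)

def global_params(conf_text):
    """Collect [global] parameters; names are lower-cased with whitespace collapsed."""
    params, section = {}, None
    for line in (raw.strip() for raw in conf_text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            value = value.strip().lower()
            params[" ".join(name.lower().split())] = BOOLEANS.get(value, value)
    return params

def audit_bdc(conf_text, bdc_output, pdc_output):
    """Return findings; an empty list means the thread's BDC requirements hold."""
    params = global_params(conf_text)
    findings = ["%s = %s, expected %s" % (k, params.get(k, "<unset>"), want)
                for k, want in BDC_REQUIRED.items() if params.get(k) != want]
    bdc_sid, pdc_sid = parse_localsid(bdc_output)[1], parse_localsid(pdc_output)[1]
    if bdc_sid != pdc_sid:
        findings.append("local SID %s differs from PDC SID %s" % (bdc_sid, pdc_sid))
    return findings

if __name__ == "__main__":
    for finding in audit_bdc(SAMPLE_SMB_CONF, BDC_OUTPUT, PDC_OUTPUT):
        print("FINDING:", finding)
```

On a live server the two output strings would come from running net getlocalsid on the BDC and on the PDC.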