Hi,

Yes, I checked the permissions of the configuration
and profile files and directories and I think that
they are set correctly.
I have no idea why it doesn't work...
A user with identical uid, gid and sid on a machine
with the same sid as the old one can't get writing
access to the ntuser.dat which has identical
permissions as before... ???

I hope that anybody has an idea what the problem is

thank you, Christoph


--- Pierre Lebrun wrote:

> christoph empl wrote:
> > Hello,
> >
> > I think that my problem is getting smaller, but still
> > not small enough.
> > In between, I reinstalled samba. Now I have the
> > correct sid for the server and domain, and my users
> > have correct sids (see below), the server-, netbios
> > and domainname are the same as on the old server, I
> > preserved the uids and gids of the old server,
> > actually I copied the passwd, shadow, smbpasswd on the
> > new server.
> > But the problem is still: when I log onto a
> > workstation as a user, his old settings from the old
> > server are lost. He gets the desktop and whole
> > settings of the default user. There is no clue in the
> > logs why the user has (obviously) no access to his
> > ntuser.dat.
> >
> >
> > ==================
> >
> > wap-samba:/ # net getlocalsid SAMBA
> > SID for domain SAMBA is:
> > S-1-5-21-918075609-1705896514-2904333612
> >
> > ==================
> >
> > wap-samba:/ # pdbedit -Lv empl
> > Unix username: empl
> > NT username:
> > Account Flags: [UX ]
> > User SID: S-1-5-21-918075609-1705896514-2904333612-22120
> > Primary Group SID: S-1-5-21-918075609-1705896514-2904333612-1203
> > Full Name: Empl Christoph
> > Home Directory: \\samba\empl
> > HomeDir Drive:
> > Logon Script:
> > Profile Path: \\samba\empl\profile
> > Domain: SAMBA
> > Account desc:
> > Workstations:
> > Munged dial:
> > Logon time: 0
> > Logoff time: 9223372036854775807 seconds since the Epoch
> > Kickoff time: 9223372036854775807 seconds since the Epoch
> > Password last set: Tue, 06 Dec 2005 16:49:42 GMT
> > Password can change: Tue, 06 Dec 2005 16:49:42 GMT
> > Password must change: 9223372036854775807 seconds since the Epoch
> > Last bad password : 0
> > Bad password count : 0
> > Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> >
> > =========================
> >
> > [2005/12/07 12:19:15, 2] auth/auth.c:check_ntlm_password(305)
> >   check_ntlm_password: authentication for user [empl] -> [empl] -> [empl] succeeded
> > [2005/12/07 12:19:15, 2] auth/auth.c:check_ntlm_password(305)
> >   check_ntlm_password: authentication for user [empl] -> [empl] -> [empl] succeeded
> > [2005/12/07 12:19:15, 1] smbd/service.c:make_connection_snum(647)
> >   celsius01 (129.187.97.131) connect to service empl initially as user empl (uid=10560, gid=101) (pid 4701)
> > [2005/12/07 12:19:15, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
> >   Returning domain sid for domain SAMBA -> S-1-5-21-918075609-1705896514-2904333612
> > [2005/12/07 12:19:15, 2] smbd/open.c:open_file(245)
> >   empl opened file profile/NTUSER.DAT read=Yes write=No (numopen=1)
> > [2005/12/07 12:19:15, 2] smbd/open.c:open_file(245)
> >   empl opened file profile/ntuser.ini read=Yes write=No (numopen=2)
> > [2005/12/07 12:19:16, 2] smbd/close.c:close_normal_file(270)
> >   empl closed file profile/ntuser.ini (numopen=1)
> > [2005/12/07 12:19:16, 2] smbd/open.c:open_file(245)
> >   empl opened file profile/ntuser.ini read=Yes write=No (numopen=2)
> > [2005/12/07 12:19:16, 2] smbd/open.c:open_file(245)
> >   empl opened file profile/ntuser.pol read=Yes write=No (numopen=3)
> > [2005/12/07 12:19:16, 2] smbd/close.c:close_normal_file(270)
> >   empl closed file profile/NTUSER.DAT (numopen=2)
> > [2005/12/07 12:19:16, 2] smbd/open.c:open_file(245)
> >   empl opened file profile/NTUSER.DAT read=Yes write=No (numopen=3)
> > [2005/12/07 12:19:17, 2] smbd/open.c:open_file(245)
> >   empl opened file profile/NTUSER.DAT.LOG read=Yes write=No (numopen=4)
> > [2005/12/07 12:19:23, 2] smbd/open.c:open_file(245)
> >   empl opened file profile/.fonts.cache-1 read=Yes write=No (numopen=5)
> > [2005/12/07 12:19:23, 2] smbd/open.c:open_file(245)
> >
> >
> > thanks for your answers, Christoph
> >
> >
> >
> > Hi,
> >
> > thank you for your quick answer...
> >
> > Sorry, I forgot to tell you that I replaced the sid of
> > the new server with the sid of the old server.
> > But then I have the problem that the user sid (and
> > gid) are structured like this:
> > old-sid-from-the-new-server-uid and not
> > sid-from-the-old-server-uid (the head of the users sid
> > consists of the sid from the new server, the one that
> > I replaced with the sid of the old server). So the
> > Users don't have access rights to their profiles,
> > because they don't have their original sids.
> >
> > thank you, Christoph
> >
> > Christoph,
> >
> > Your problem is that while having a new server, by
> > default you have a new server SID. The problem is that you
> > want to manage users who own SIDs from your 2.2 server. As we
> > can't imagine losing all the users' profiles, you have to set the
> > 2.2 samba server SID on your 3.0 samba server.
> >
> > This is a common migration problem.
> >
> > What you must do is:
> >
> > 1) On Samba 2.2: pick your 2.2 server SID
> >
> > smbpasswd -X {your_domain}
> > This will give you a string like this one:
> > SID for domain mydomain is:
> > S-1-5-21-1547254743-587533270-2928086249
> >
> >
> > 2) On Samba 3.0: setting 3.0 SID with SID picked on 2.2
> > Save the current 3.0 SID for eventual recovery needs
> > net getlocalsid > file_to_save_3.0_SID
> >
> > Set 2.2 SID on 3.0 PDC like this:
> > net setlocalsid S-1-5-21-1547254743-587533270-2928086249
> >
> > Restart samba and I think things should go better.
> >
> > Regards,
> >
> > Pierre
> >
> > christoph empl wrote:
> >> Hi,
> >>
> >> I did the change according to your guideline, but I
> >> don't know how I can preserve the sids and gids of
>

=== message truncated ===
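
An added example, not part of the thread: a shell check for the condition described in the quoted messages, where account SIDs carried a different server's prefix after the domain SID was replaced. The function names (`domain_sid`, `account_sids`, `check_account`) are hypothetical, and the sample input is constructed from the values quoted above; on a live server the text would come from `net getlocalsid` and `pdbedit -Lv <user>`.

```shell
#!/bin/sh
# First SID-shaped token on stdin, e.g. from `net getlocalsid` output.
domain_sid() {
    grep -Eo 'S-1-5-21(-[0-9]+)+' | head -n 1
}

# Print "user <sid>" and "group <sid>" from `pdbedit -Lv` output. The value
# may sit on the line after its label when a mail client has wrapped it.
account_sids() {
    awk '
        /Primary Group SID:/ { label = "group" }
        /User SID:/          { label = "user" }
        label != "" && match($0, /S-1-5-21(-[0-9]+)+/) {
            print label, substr($0, RSTART, RLENGTH); label = ""
        }'
}

# Usage: check_account DOMAIN_SID < pdbedit-output
# Returns 0 only if both SIDs were found and share the domain prefix.
check_account() {
    report=$(account_sids | while read -r label sid; do
        if [ "${sid%-*}" = "$1" ]; then      # strip the trailing RID
            echo "OK $label rid=${sid##*-}"
        else
            echo "MISMATCH $label $sid"
        fi
    done)
    printf '%s\n' "$report"
    [ "$(printf '%s\n' "$report" | grep -c '^OK ')" -eq 2 ]
}

# Constructed sample input, using the values quoted in this thread.
SAMPLE_LOCALSID='SID for domain SAMBA is:
S-1-5-21-918075609-1705896514-2904333612'
SAMPLE_PDBEDIT='Unix username: empl
User SID:
S-1-5-21-918075609-1705896514-2904333612-22120
Primary Group SID:
S-1-5-21-918075609-1705896514-2904333612-1203'

dom=$(printf '%s\n' "$SAMPLE_LOCALSID" | domain_sid)
printf '%s\n' "$SAMPLE_PDBEDIT" | check_account "$dom"
```

A `MISMATCH` line means the account database still holds SIDs built on another domain SID, which is the state reported in the earlier quoted message.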






