Hello, just tried Samba 2.2.4pre (checkout 22.March 02, around 17:00 CET) from the cvs and could track down many problems we had here today to some error with the PDC SID (ok, I know, using cvs-code on a production server is bad) The CVS code seems to add the PDC SID from MACHINE.SID to the secrets.tdb and after this deletes the file MACHINE.SID. During this procedure the 'right' SID gets lost. One can see this during login of a Windows 2000 client into a Samba 2.2.4-pre managed domain: the profile download stops with 'access denied' and the login-script does not run. Doing echo %LOGONSERVER% from the Windows command shell gives the name of the client machine, not the PDC. After deleting the locally cached profiles and setting nt acl support = no in the smb.conf for the profile share the login works and the profile downloads - but still no logon-script. Did an installation of 2.2.4-pre/cvs on another Server, created another domain, and rejoined one client to this new domain - this works perfect, so it seems that only the SID-transfer ist broken. I reinstalled 2.2.3a from the source-tar archive and restored the MACHINE.SID from the backup. After this login, profile dowload and login-scripts work. echo %LOGONSERVER% gives the netbios-name of the Samba-Server - but now I lost the CVS improvements of the printing-subsystem and the MS-Database locking. Since it will be quite a lot of work to rejoin all clients to a Samba 2.2.4-release controlled domain, someone should fix this issue before release. - I'm willing to test the cvs-code - just drop me a mail if something changed. BTW: compiling the cvs code with smbmount gives a compiler error during compilation of smbmount.c. Greetings, Martin --- Martin THOMAS University of Kaiserslautern, Institute of Environmental Engineering, Kaiserslautern (ZIP 67663), Germany
On Fri, Mar 22, 2002 at 07:21:21PM +0100, Martin Thomas wrote:> Hello, > > just tried Samba 2.2.4pre (checkout 22.March 02, around 17:00 CET) > from the cvs and could track down many problems we had here > today to some error with the PDC SID (ok, I know, using cvs-code on > a production server is bad) > > The CVS code seems to add the PDC SID from MACHINE.SID > to the secrets.tdb and after this deletes the file MACHINE.SID. > During this procedure the 'right' SID gets lost. One can see > this during login of a Windows 2000 client into a Samba 2.2.4-pre > managed domain: the profile download stops with 'access denied' and > the login-script does not run. > Doing echo %LOGONSERVER% from the Windows command shell > gives the name of the client machine, not the PDC. > > After deleting the locally cached profiles and setting nt acl support = no > in the smb.conf for the profile share the login works and the profile > downloads - but still no logon-script. > > Did an installation of 2.2.4-pre/cvs on another Server, created another > domain, and rejoined one client to this new domain - this works > perfect, so it seems that only the SID-transfer ist broken. > > I reinstalled 2.2.3a from the source-tar archive and restored the MACHINE.SID > from the backup. After this login, profile dowload and login-scripts > work. echo %LOGONSERVER% gives the netbios-name of the > Samba-Server - but now I lost the CVS improvements of the printing-subsystem > and the MS-Database locking. > > Since it will be quite a lot of work to rejoin all clients to a Samba 2.2.4-release > controlled domain, someone should fix this issue before release. > - I'm willing to test the cvs-code - just drop me a mail if something changed.Thanks for that. I'm currently doing tests on "upgrade from 2.2.3a" issues so this is well timed. I'll take a look at this. Jeremy.
On Fri, Mar 22, 2002 at 07:21:21PM +0100, Martin Thomas wrote:> Hello, > > just tried Samba 2.2.4pre (checkout 22.March 02, around 17:00 CET) > from the cvs and could track down many problems we had here > today to some error with the PDC SID (ok, I know, using cvs-code on > a production server is bad) > > The CVS code seems to add the PDC SID from MACHINE.SID > to the secrets.tdb and after this deletes the file MACHINE.SID. > During this procedure the 'right' SID gets lost. One can see > this during login of a Windows 2000 client into a Samba 2.2.4-pre > managed domain: the profile download stops with 'access denied' and > the login-script does not run. > Doing echo %LOGONSERVER% from the Windows command shell > gives the name of the client machine, not the PDC. > > After deleting the locally cached profiles and setting nt acl support = no > in the smb.conf for the profile share the login works and the profile > downloads - but still no logon-script. > > Did an installation of 2.2.4-pre/cvs on another Server, created another > domain, and rejoined one client to this new domain - this works > perfect, so it seems that only the SID-transfer ist broken. > > I reinstalled 2.2.3a from the source-tar archive and restored the MACHINE.SID > from the backup. After this login, profile dowload and login-scripts > work. echo %LOGONSERVER% gives the netbios-name of the > Samba-Server - but now I lost the CVS improvements of the printing-subsystem > and the MS-Database locking. > > Since it will be quite a lot of work to rejoin all clients to a Samba 2.2.4-release > controlled domain, someone should fix this issue before release. > - I'm willing to test the cvs-code - just drop me a mail if something changed.This was just fixed by a patch gone into CVS. CVS update and it should be fine. Sorry for the problem. Jeremy.