samba - Jan 2006 - Changing file permissions in Windows XP with a samba PDC

Question about changing file permissions in Windows XP when running
samba as a PDC.
If you hit Properties and go to the security tab, instead of listing
the proper group/user names it lists the full SID.
Is there a way to get Windows XP to map these to the proper user/group names?
I am using LDAP as a backend with Samba.

Thanks.

-- James

On 1/11/06, Jason Balicki <kodak@frontierhomemortgage.com>
wrote:
> James Lamanna wrote:
> > Question about changing file permissions in Windows XP when running
> > samba as a PDC.
> > If you hit Properties and go to the security tab, instead of listing
> > the proper group/user names it lists the full SID.
> > Is there a way to get Windows XP to map these to the proper
> > user/group names? I am using LDAP as a backend with Samba.
>
> You have something wrong.  You should see the proper
> DOMAIN\username display and not the sid.
>
> I suspect a domain sid mismatch between the XP client and
> samba server.
>
> There is a utility at sysinternals.com called "psgetsid"
> that will show the SID of the logged in user on the
> XP machine.  Use that utility to compare with
> "net getlocalsid" on the samba PDC and make sure that
> the domain part matches.  The local part will differ
> (the last bit).
>
> If there is a mismatch, you'll need to rejoin the XP
> box to the domain.  If there's not, then I don't
> know what's wrong. :)
>
> Be aware:  rejoining to the domain will cause the profiles
> on the box to get messed up, but you can reassign the
> profiles by changing the registry and setting permissions.
Hrm.
The domain part of the SIDs definitely match.
What's interesting is that it doesn't even get the default-ish groups
right
(like Domain Users for example, it just shows [domain sid]-513)

Any other ideas?
>
> HTH,
>
> --J(K)
>
>
-- James

On 1/11/06, Jason Balicki <kodak@frontierhomemortgage.com>
wrote:
> James Lamanna wrote:
> > Hrm.
> > The domain part of the SIDs definitely match.
> > What's interesting is that it doesn't even get the default-ish
groups
> > right (like Domain Users for example, it just shows [domain sid]-513)
> >
> > Any other ideas?
>
> Just to be clear, did you map the domain users to a group
> using net groupmap?  I don't know that that's contributing
> to your problem though.
>
> What's the output of "net groupmap list" on the server?
Domain Admins (S-1-5-21-3203556629-3307610231-1688239997-512) -> Domain
Admins
Domain Users (S-1-5-21-3203556629-3307610231-1688239997-513) -> Domain Users
Domain Guests (S-1-5-21-3203556629-3307610231-1688239997-514) -> Domain
Guests
Domain Computers (S-1-5-21-3203556629-3307610231-1688239997-515) ->
Domain Computers
Administrators (S-1-5-32-544) -> Administrators
Account Operators (S-1-5-32-548) -> Account Operators
Print Operators (S-1-5-32-550) -> Print Operators
Backup Operators (S-1-5-32-551) -> Backup Operators
Replicators (S-1-5-32-552) -> Replicators
svnusers (S-1-5-21-3203556629-3307610231-1688239997-3003) -> svnusers


I think it may just be this machine. I looked at another machine and
it seems to be behaving ok.