samba - Nov 2009 - Builtin group mapping problem with latest from git

Hi,

I'm trying to run the latest samba from git for the first time in order
to finalize a patch to submit for a bug that I've been working on. I'm
running Fedora 11 and everything is tested and working on that with
samba 3.4.2. I got the latest version from git (3.6.0) ran configure and
make OK, and installed it. The built smbd and winbindd run fine, but
trying to access the machine from a Windows domain PC logged in as the
domain administrator fails with a logon failure, and this logged:

check_ntlm_password:  Checking password for unmapped user
[SD80]\[Administrator]@[IANSERVER] with the new password interface
check_ntlm_password:  mapped user is: [SD80]\[Administrator]@[IANSERVER]
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
check_ntlm_password:  Authentication for user [Administrator] ->
[Administrator] FAILED with error NT_STATUS_NO_SUCH_USER
error packet at smbd/sesssetup.c(111) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE


My group mappings, as reported when running samba 3.4.2 are:

# net groupmap list
Administrators (S-1-5-32-544) -> BUILTIN+administrators
Users (S-1-5-32-545) -> BUILTIN+users
# net groupmap listmem S-1-5-32-545
S-1-5-21-4023909512-3739307249-2032274589-513

But when the new winbindd is running those are reported as:

# net groupmap list
Administrators (S-1-5-32-544) -> 616
Users (S-1-5-32-545) -> 605

So I tried to re-create the mappings with the new version from git
installed, but it would not accept "BUILTIN+administrators" as a
group:

# net sam list builtin
Administrators
Users
# net groupmap add ntgroup=Administrators sid=S-1-5-32-544
unixgroup=BUILTIN+administrators
Can't lookup UNIX group BUILTIN+administrators

Adding in "type=builtin" did not help.

Is this something that has changed, or is something broken here?

Ian

On Fri, Nov 20, 2009 at 11:47:45AM -0800, Ian Puleston
wrote:
> check_ntlm_password:  Checking password for unmapped user
> [SD80]\[Administrator]@[IANSERVER] with the new password interface
> check_ntlm_password:  mapped user is: [SD80]\[Administrator]@[IANSERVER]
> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> check_ntlm_password:  Authentication for user [Administrator] ->
> [Administrator] FAILED with error NT_STATUS_NO_SUCH_USER
> error packet at smbd/sesssetup.c(111) cmd=115 (SMBsesssetupX)
> NT_STATUS_LOGON_FAILURE
You did update /lib/libnss_winbind.so?

Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL:
<http://lists.samba.org/pipermail/samba/attachments/20091120/6d1c915f/attachment.pgp>