Rowland Penny
2015-Jul-06 11:22 UTC
[Samba] Migration Samba3 -> Samba4: Accessing domain member server is not working
On 06/07/15 11:33, Roland Schwingel wrote:
>
> Thanks for your reply,
>
> Rowland Penny <rowlandpenny241155 at gmail.com> wrote on 06.07.2015
> 10:03:20:
> > > In the first 2 lines of the log I see the SIDs dumped.
> > > Both for my domain and for my member server.
> > >
> > > SID for local machine OSUSE-TEST is:
> > > S-1-5-21-1853263269-3041869306-167322181
> > > SID for domain MYDOM is: S-1-5-21-290147797-1639656955-1287535205
> > > Join to 'MYDOM' is OK
> > >
> > > According to my LDAP the sid for my test member server (OSUSE-TEST)
> > > should be S-1-5-21-290147797-1639656955-1287535205-61405
> >
> > Just what do you mean by 'According to my LDAP' ?
> > Have *you* set the SID somewhere?
> We have a quite big LDAP and DNS setup. This is one reason why we
> can't switch to samba as AD right now. I made a little php script a
> decade ago which is hooked in as "add machine script" to my PDC. This
> script searches for a free domain sid and creates a machine account in
> LDAP. This works very fine for many years now.
>
> The sid for MYDOM is:
> S-1-5-21-290147797-1639656955-1287535205
> The sid for my domain member server in this domain is therefore:
> S-1-5-21-290147797-1639656955-1287535205-61405
>
> Here is the ldif for my still not working member server:
> # osuse-test$, computers, samba, mydom.com
> dn: uid=osuse-test$,ou=computers,ou=samba,dc=mydom,dc=com
> sambaPwdLastSet: 1436177562
> sambaNTPassword: B404FFE84BE2F31569CF908B3F2B6020
> sambaAcctFlags: [WX ]
> uid: osuse-test$
> cn: osuse-test$
> displayName: osuse-test$
> gidNumber: 515
> gecos: Computer
> description: Computer
> homeDirectory: /dev/null
> loginShell: /bin/false
> uidNumber: 61405
> sambaSID: S-1-5-21-290147797-1639656955-1287535205-61405
> sambaPrimaryGroupSID: S-1-5-21-290147797-1639656955-1287535205-515
> sambaPwdCanChange: 0
> sambaPwdMustChange: 2147483647
> sambaKickoffTime: 2147483647
> sambaLogonTime: 0
> sambaLogoffTime: 2147483647
> sambaDomainName: MYDOM
> objectClass: top
> objectClass: account
> objectClass: posixAccount
> objectClass: sambaSAMAccount

There doesn't seem to be anything wrong with that ldif.

>
> I have bootstrapped my samba member server before joining the domain with
> net setdomainsid S-1-5-21-290147797-1639656955-1287535205
> during net rpc join the domainsid ending in -61405 was generated by my
> php script and written to ldap.
>
> On my memberserver I get the following output of these commands:
> net getlocalsid => S-1-5-21-1853263269-3041869306-167322181
> net getdomainsid => S-1-5-21-290147797-1639656955-1287535205

I take it that you ran 'net getdomainsid' on the PDC and this is the SID you are using.

>
> Is there no way to detect on my PDC what is the problem. Why is my PDC
> Samba rejecting my samba member server...?
>

Permissions ?? Is the join correct ? It has been some time since I did anything major with an LDAP PDC and even then I used smbldap tools. It seems strange that 3.6 works but 4.2.2 doesn't, have you looked into the bug report that was posted in this thread ?

From my understanding, you should be able to use 4.2.x just like 3.6.x, but there are slight differences as I pointed out. What are the problems, reasons etc for not moving to AD, I ask this because you seem to be trying to set up a new domain and surely this is the very time to upgrade.

Rowland

> Thanks for your help again,
>
> Roland
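
The SID relationships quoted in the message above, checked in code (an added example, not part of the original thread): it verifies that a machine account's sambaSID and sambaPrimaryGroupSID are the domain SID plus a RID. The function names are hypothetical, and the sample entry is the LDIF from the post with the password hash attribute left out.

```python
import re

SID_RE = re.compile(r"^S-1-5-21-(\d+)-(\d+)-(\d+)(?:-(\d+))?$")

# Values quoted in the thread; the password hash attribute is omitted.
DOMAIN_SID = "S-1-5-21-290147797-1639656955-1287535205"
LOCAL_SID = "S-1-5-21-1853263269-3041869306-167322181"
LDIF = """\
dn: uid=osuse-test$,ou=computers,ou=samba,dc=mydom,dc=com
sambaAcctFlags: [WX ]
uid: osuse-test$
uidNumber: 61405
sambaSID: S-1-5-21-290147797-1639656955-1287535205-61405
sambaPrimaryGroupSID: S-1-5-21-290147797-1639656955-1287535205-515
sambaDomainName: MYDOM
"""

def split_sid(sid):
    """Split an S-1-5-21 SID into (domain_sid, rid); rid is None if absent."""
    m = SID_RE.match(sid.strip())
    if not m:
        raise ValueError(f"not an S-1-5-21 SID: {sid!r}")
    domain = "S-1-5-21-" + "-".join(m.group(1, 2, 3))
    return domain, int(m.group(4)) if m.group(4) else None

def parse_entry(ldif):
    """Parse one unfolded, non-base64 LDIF entry into {attribute: [values]}."""
    entry = {}
    for line in ldif.splitlines():
        if line.strip() and not line.startswith("#"):
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip(), []).append(value.strip())
    return entry

def check_machine_account(entry, domain_sid):
    """Return a list of inconsistencies between the entry and the domain SID."""
    problems = []
    for attr in ("sambaSID", "sambaPrimaryGroupSID"):
        if attr not in entry:
            problems.append(f"{attr} missing")
            continue
        dom, rid = split_sid(entry[attr][0])
        if dom != domain_sid or rid is None:
            problems.append(f"{attr} {entry[attr][0]} is not <domain SID>-<RID>")
    if not entry.get("uid", [""])[0].endswith("$"):
        problems.append("uid does not end in '$'")
    if "W" not in entry.get("sambaAcctFlags", [""])[0]:
        problems.append("sambaAcctFlags lacks W (workstation trust account)")
    return problems

if __name__ == "__main__":
    print(check_machine_account(parse_entry(LDIF), DOMAIN_SID) or "entry is consistent")
```
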

Hi!

How could I get the patch for
https://bugzilla.samba.org/show_bug.cgi?id=11061 (Samba 4.2.2)?

The file I can get from the page is anything but patch...

Janis

This is the patch:

https://attachments.samba.org/attachment.cgi?id=11212

John

On Mon, Jul 6, 2015 at 1:06 PM, <jd at ionica.lv> wrote:
> Hi!
>
> How could I get the patch for
> https://bugzilla.samba.org/show_bug.cgi?id=11061 (Samba 4.2.2)?
>
> The file I can get from the page is anything but patch...
>
> Janis

--
John M. Drescher