Jeremy
2020-Jun-05 09:18 UTC
[Samba] It seems to have bug for @group to set in valid or invalid conf
Hi all,

I am using Samba 4.10.7 and it seems to have a bug when using @group in the "valid users" or "invalid users" conf (?). And I can't find a fix patch in a later release. I describe this issue in detail below:

1. Firstly, here is my Samba conf (I add @d_group in "invalid users"):

(smb_share.conf)
[f1]
path = /home/f1
write list = "admin" "@Administrator_Group" "@User_Group" "root"
invalid users = "guest" "@d_group"
valid users = "admin" "@Administrator_Group" "@User_Group" "root"
browsable = Yes
public = Yes
force directory mode = 0777
directory mode = 0777
force create mode = 0777
create mask = 0777
recycle:repository = @recycle
recycle:directory_mode = 0777
recycle:keeptree = yes
recycle:versions = yes
recycle:exclude_dir = .streams
recycle:minsize = 1
vfs objects = shadow_copy2 catia fruit streams_xattr streams_depot aio_pthread recycle
shadow: format = %Y%m%d-%H%M%S
shadow: sort = desc
shadow: snapdir = .snapshot
shadow: localtime = yes
fruit:nfs_aces = no
fruit:veto_appledouble = no
aio read size = 65536
aio write size = 1
aio_pthread:aio num threads = 1024
smb encrypt = disabled

(global.conf)
[global]
deadtime = 1
guest account = guest
map to guest = Never
log file = /home/samba/log/
max log size = 500000
load printers = no
printcap name = /dev/null
printing = bsd
dns proxy = no
max protocol = SMB3
use sendfile = Yes
socket options = SO_SNDBUF=33554432 TCP_NODELAY
inherit acls = Yes
map acl inherit = Yes
store dos attributes = Yes
inherit permissions = Yes
delete veto files = yes
ntlm auth = yes
streams_depot:delete_lost = yes
ldap timeout = 300
smb2 max write = 1048576
state directory = /home/samba_state
lock directory = /var/lock/samba
cache directory = /home/samba_cache
log level = 10
nt acl support = no

2. I add the user bbb on my Debian, and not in group "d_group":

# getent group
root:x:0:root
Administrator_Group:x:1:admin
User_Group:x:101:admin,aaa,bbb
Guest_Group:x:65534:guest
Hidden_Group:x:201:admin
fuse:x:102:admin
davfs2:x:103:davfs2
a_group:x:1000:aaa,bbb
b_group:x:1001:aaa,bbb
c_group:x:1002:bbb
d_group:x:1003:

3. But when I open the Samba log and try to use user bbb to log in to //$myip/f1 on Windows, I get permission denied. But user bbb is not in d_group. Something is messed up.

4. I see this in the Samba log:

[2020/06/05 16:40:40.672747, 10, pid=2781, effective(0, 0), real(0, 0), class=vfs] ../../source3/smbd/vfs.c:65(vfs_find_backend_
  vfs_find_backend_entry called for /[Default VFS]/
  Successfully loaded vfs module [/[Default VFS]/] with the new modules system
[2020/06/05 16:40:40.672789, 10, pid=2781, effective(0, 0), real(0, 0)] ../../source3/smbd/service.c:70(set_conn_connectpath)
  set_conn_connectpath: service IPC$, connectpath = /tmpfs/tmp
[2020/06/05 16:40:40.672815, 10, pid=2781, effective(0, 0), real(0, 0)] ../../source3/smbd/share_access.c:220(user_ok_token)
  user_ok_token: share IPC$ is ok for unix user bbb
[2020/06/05 16:40:40.672840, 10, pid=2781, effective(0, 0), real(0, 0)] ../../source3/smbd/share_access.c:271(is_share_read_only
  is_share_read_only_for_user: share IPC$ is read-only for unix user bbb
[2020/06/05 16:40:40.672868, 10, pid=2781, effective(0, 0), real(0, 0)] ../../libcli/security/access_check.c:366(se_file_access_
  se_file_access_check: MAX desired = 0x2000000 mapped to 0x1f01ff
[2020/06/05 16:40:40.672915, 4, pid=2781, effective(0, 0), real(0, 0)] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
  setting sec ctx (1003, 101) - sec_ctx_stack_ndx = 0
[2020/06/05 16:40:40.672941, 5, pid=2781, effective(0, 0), real(0, 0)] ../../libcli/security/security_token.c:63(security_token
  Security token SIDs (15):
    SID[  0]: S-1-5-21-1151667668-222068009-1375177606-1010
    SID[  1]: S-1-5-21-1151667668-222068009-1375177606-513
    SID[  2]: S-1-5-21-1151667668-222068009-1375177606-1003
    SID[  3]: S-1-5-21-1151667668-222068009-1375177606-1006
    SID[  4]: S-1-5-21-1151667668-222068009-1375177606-1008
    SID[  5]: S-1-22-2-1000
    SID[  6]: S-1-1-0
    SID[  7]: S-1-5-2
    SID[  8]: S-1-5-11
    SID[  9]: S-1-5-21-1151667668-222068009-1375177606-1009
    SID[ 10]: S-1-22-1-1003
    SID[ 11]: S-1-22-2-101
    SID[ 12]: S-1-22-2-1001
    SID[ 13]: S-1-22-2-1002
    SID[ 14]: S-1-22-2-1003
  Privileges (0x 0):
  Rights (0x 0):
[2020/06/05 16:40:40.673111, 5, pid=2781, effective(0, 0), real(0, 0)] ../../source3/auth/token_util.c:866(debug_unix_user_toke
  UNIX token of user 1003
  Primary group is 101 and contains 5 supplementary groups
    Group[  0]: 101
    Group[  1]: 1001
    Group[  2]: 1002
    Group[  3]: 1000
    Group[  4]: 1003

5. Why, when user "bbb" is not in d_group, do the Security token SIDs have d_group's SID (S-1-5-21-1151667668-222068009-1375177606-1009)?? I think this is the reason why I am denied access to "f1". Because in /source3/smbd/share_access.c the function "token_contains_name" checks "nt_token_check_sid" & "user_in_netgroup". But I am absolutely sure my user "bbb" is not in a netgroup, so the problem is in the function "nt_token_check_sid". The function "nt_token_check_sid" checks whether the Security token SIDs match.

# wbinfo --sid-to-name=S-1-5-21-1151667668-222068009-1375177606-1010
XN7004T-FF1628\bbb 1
# wbinfo --sid-to-name=S-1-5-21-1151667668-222068009-1375177606-1003
XN7004T-FF1628\User_Group 4
# wbinfo --sid-to-name=S-1-5-21-1151667668-222068009-1375177606-1006
XN7004T-FF1628\b_group 4
# wbinfo --sid-to-name=S-1-5-21-1151667668-222068009-1375177606-1008
XN7004T-FF1628\c_group 4
# wbinfo --sid-to-name=S-1-5-21-1151667668-222068009-1375177606-1009
XN7004T-FF1628\d_group 4
# wbinfo --sid-to-name=S-1-22-1-1003
Unix User\bbb 1
# wbinfo --sid-to-name=S-1-22-1-101
Unix User\davfs2 1
# wbinfo --sid-to-name=S-1-22-1-1001
Unix User\aaa 1
# wbinfo --sid-to-name=S-1-22-1-1002
Unix User\1002 1
# wbinfo --sid-to-name=S-1-22-1-1003
Unix User\bbb 1

6. My questions are:
1. How does Samba get the Security token SIDs?
2. And I wonder what could cause the Security token SIDs to get messed up?

Note: This issue occurs at random. Sometimes you get the true SIDs, but sometimes not.

Thanks,
Jeremy
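The two questions in point 6 can be checked mechanically against the data in the post. The level-10 dump itself shows the shape of the token smbd builds: the user's local SAM SID (RID 1010), the primary group (RID 513), one local SAM SID per group the user was mapped into (RIDs 1003, 1006, 1008, 1009), the well-known SIDs S-1-1-0 (Everyone), S-1-5-2 (Network) and S-1-5-11 (Authenticated Users), the "Unix User" SID S-1-22-1-<uid> and one "Unix Group" SID S-1-22-2-<gid> for each gid in the UNIX token. The script below is an added diagnostic, not Samba code and not from the original thread; it parses the posted getent output and the token dump, resolves the S-1-5-21-... SIDs with the wbinfo mapping posted above, and compares. The names SAM_NAMES, gid_of_sid, audit_token and share_access are my own. It does two things. First it lists every group in the token that getent does not put the user in; on the posted data it reports gid 1003 three times: as d_group's local SID (...-1009), as the Unix Group SID S-1-22-2-1003, and as a gid in the "UNIX token" group list, so the unexpected membership is already present in the unix gid list smbd built and not only in the NT SID list. Second it evaluates "invalid users" / "valid users" in the order smbd's user_ok_token uses (invalid list first, and it wins), once against the groups in the token and once against getent; the token side says "denied: invalid users" and the getent side says "allowed", which is the mismatch the post describes. NIS netgroups ("&name", and the netgroup half of "@name") are not modelled, and the double quotes around list entries are simply stripped.

```python
"""Cross-check an smbd 'log level = 10' token dump against `getent group`.
Added diagnostic for the thread above, not Samba code. All data below is
constructed from the getent, log and wbinfo output posted in the thread."""
import re

UNIX_GROUP_SID = "S-1-22-2-"  # Samba's "Unix Group" SID prefix; the gid follows
DOMAIN = "S-1-5-21-1151667668-222068009-1375177606"  # local SAM SID seen in the log

GETENT_GROUP = """\
Administrator_Group:x:1:admin
User_Group:x:101:admin,aaa,bbb
a_group:x:1000:aaa,bbb
b_group:x:1001:aaa,bbb
c_group:x:1002:bbb
d_group:x:1003:
"""
SMBD_LOG = """\
Security token SIDs (15):
  SID[  0]: S-1-5-21-1151667668-222068009-1375177606-1010
  SID[  1]: S-1-5-21-1151667668-222068009-1375177606-513
  SID[  2]: S-1-5-21-1151667668-222068009-1375177606-1003
  SID[  3]: S-1-5-21-1151667668-222068009-1375177606-1006
  SID[  4]: S-1-5-21-1151667668-222068009-1375177606-1008
  SID[  5]: S-1-22-2-1000
  SID[  6]: S-1-1-0
  SID[  7]: S-1-5-2
  SID[  8]: S-1-5-11
  SID[  9]: S-1-5-21-1151667668-222068009-1375177606-1009
  SID[ 10]: S-1-22-1-1003
  SID[ 11]: S-1-22-2-101
  SID[ 12]: S-1-22-2-1001
  SID[ 13]: S-1-22-2-1002
  SID[ 14]: S-1-22-2-1003
UNIX token of user 1003
  Group[  0]: 101
  Group[  1]: 1001
  Group[  2]: 1002
  Group[  3]: 1000
  Group[  4]: 1003
"""
# Local SAM SIDs as resolved with `wbinfo --sid-to-name` in the thread (domain prefix dropped).
SAM_NAMES = {f"{DOMAIN}-{rid}": name for rid, name in [
    (1010, "bbb"), (1003, "User_Group"), (1006, "b_group"), (1008, "c_group"), (1009, "d_group")]}
VALID_USERS = ['"admin"', '"@Administrator_Group"', '"@User_Group"', '"root"']
INVALID_USERS = ['"guest"', '"@d_group"']

def parse_group_file(text):
    """getent group output -> {gid: (name, set of member names)}."""
    out = {}
    for line in filter(None, text.splitlines()):
        name, _, gid, members = line.split(":", 3)
        out[int(gid)] = (name, set(filter(None, members.split(","))))
    return out

def parse_token_dump(text):
    """NT SID list and unix gid list from a level-10 smbd log excerpt."""
    return {"sids": re.findall(r"SID\[\s*\d+\]:\s*(S-1-[\d-]+)", text),
            "gids": [int(g) for g in re.findall(r"Group\[\s*\d+\]:\s*(\d+)", text)]}

def gid_of_sid(sid, groups, sam_names):
    """Token SID -> unix gid, via S-1-22-2-<gid> or the wbinfo name map; None if neither."""
    if sid.startswith(UNIX_GROUP_SID):
        return int(sid[len(UNIX_GROUP_SID):])
    by_name = {name: gid for gid, (name, _) in groups.items()}
    return by_name.get(sam_names.get(sid))

def audit_token(user, token, groups, sam_names):
    """(gid, where seen) for every group in the token that getent does not put the user in."""
    member = lambda gid: user in groups.get(gid, ("", set()))[1]
    seen = [(g, s) for s in token["sids"]
            if (g := gid_of_sid(s, groups, sam_names)) is not None and not member(g)]
    return seen + [(g, "unix token") for g in token["gids"] if not member(g)]

def name_in_list(user, group_names, entries):
    """smb.conf list match: 'name' is a user, '@name'/'+name' a unix group; '&' netgroups not modelled."""
    for entry in (e.strip().strip('"') for e in entries):
        if entry[:1] in ("@", "+"):
            if entry[1:] in group_names:
                return True
        elif entry and entry[0] != "&" and entry == user:
            return True
    return False

def share_access(user, group_names, valid_users, invalid_users):
    """Ordering of smbd's user_ok_token: 'invalid users' is checked first and wins."""
    if name_in_list(user, group_names, invalid_users):
        return "denied: invalid users"
    if valid_users and not name_in_list(user, group_names, valid_users):
        return "denied: not in valid users"
    return "allowed"

def run_demo(user="bbb"):
    """Run the audit and both share-access evaluations on the posted data."""
    groups, token = parse_group_file(GETENT_GROUP), parse_token_dump(SMBD_LOG)
    by_token = {groups[g][0] for s in token["sids"] if (g := gid_of_sid(s, groups, SAM_NAMES)) in groups}
    by_getent = {name for name, members in groups.values() if user in members}
    return {"findings": audit_token(user, token, groups, SAM_NAMES),
            "by_token": share_access(user, by_token, VALID_USERS, INVALID_USERS),
            "by_getent": share_access(user, by_getent, VALID_USERS, INVALID_USERS)}
```

Call run_demo() to get the three results for the posted data. To use it on a live box, replace GETENT_GROUP with the output of `getent group`, SMBD_LOG with the token dump from the smbd log for the failing session, and SAM_NAMES with what `wbinfo --sid-to-name` returns for each S-1-5-21-... SID in that dump; a finding whose "where seen" is "unix token" means the extra gid was already in the supplementary group list smbd obtained from the OS, so the place to look is how that list was built rather than the SID matching in share_access.c.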
Jeremy
2020-Jun-13 15:35 UTC
[Samba] It seems to have bug for @group to set in valid or invalid conf
No one cares, so I closed it. Thanks.

On Fri, Jun 5, 2020 at 5:18 PM Jeremy <jeremy55662004 at gmail.com> wrote:
> [...]
Rowland penny
2020-Jun-13 18:52 UTC
[Samba] It seems to have bug for @group to set in valid or invalid conf
On 13/06/2020 16:35, Jeremy via samba wrote:
> No one cares, so I closed it. Thanks.
>
It isn't that no one cares, it is just that no one knows the answer :-(

You could try removing the double quotes and the '@' from the write list and valid users lines.

I take it that you have created Samba users with 'smbpasswd -a username'

You should also add 'security = user' to your smb.conf

Rowland
Jeremy
2020-Jun-14 15:54 UTC
[Samba] It seems to have bug for @group to set in valid or invalid conf
Thanks, Rowland. I will try your suggestions.

Thanks,
Jeremy

On Sat, Jun 13, 2020 at 11:35 PM Jeremy <jeremy55662004 at gmail.com> wrote:
> No one cares, so I closed it. Thanks.
>
> On Fri, Jun 5, 2020 at 5:18 PM Jeremy <jeremy55662004 at gmail.com> wrote:
>> [...]