search for: sid

Hi all, i read the logfiles again and again and stumbled over some lines: [2020/10/07 11:25:45.191784,? 5] ../../libcli/security/security_token.c:63(security_token_debug) ? Security token SIDs (38): ??? SID[? 0]: S-1-5-21-3542048200-3079820972-537594794-55128 ??? SID[? 1]: S-1-5-21-3542048200-3079820972-537594794-513 ??? SID[? 2]: S-1-5-21-3542048200-3079820972-537594794-211797 ??? SID[? 3]: S-1-5-21-3542048200-3079820972-537594794-92780 ??? SID[? 4]: S-1-5-21-3542048200-3079820972...

On Thursday, 13 June 2019 00:41:09 PDT Rowland penny via samba wrote: > On 13/06/2019 07:55, Alexey A Nikitin wrote: > > On Wednesday, 12 June 2019 13:07:56 PDT Rowland penny via samba wrote: > >>>> I think you mean 'RID' instead of 'SID' > >>> Yes, you're right. The Windows people seem to use the terms synonymously. > >> I cannot help that, the SID identifies the domain and the RID is > >> appended to the end of the SID and identifies the object (user, > >> group,computer etc) > &...

Rowland, no domain user can authenticate on any system and running sysvolreset followed by sysvolcheck results in a crash. If the sysvol permissions are correct, sysvolcheck does not crash. If I attempt to join a NAS or workstation to the domain I get NT_STATUS_INVALID_SID. Researching these symptoms turns up a thread about a corrupt idmap.ldb where a group SID and user SID may be the same or something like that. They've been down for two days now. They do not have a backup DC. They did, but it was truck by lightning (it got the battery backup and all) and they...

...spent many days working on this but no luck . please help me :( following is the log . when i try to access samba share from windows 7. [2010/07/07 12:53:44.907353, 5] auth/token_util.c:531(debug_nt_user_token) NT user token of user S-1-5-21-103778645-3415079703-3562334698-8645 contains 58 SIDs SID[ 0]: S-1-5-21-103778645-3415079703-3562334698-8645 SID[ 1]: S-1-5-21-103778645-3415079703-3562334698-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-103778645-3415079703-3562334698-1629 SID[ 6]: S-1-5-21-103778645-3415079703-3562334698-1363 SID[...

...amba PDC with passdb.tdb backend ot LDAP backend, i need to be 100% clear on it. I can't find the reference to it anywhere, so if anyone can point me in the right way ..? What is confusing for me? I'll explain on example: 1. Scenario: Existing Samba PDC server (difference between Samba SID and User SID) [root at srv-022 etc]# net getlocalsid SID for domain SRV-022 is: S-1-5-21-3959513538-1809711307-1766237550 [root at srv-022 etc]# pdbedit -Lv | grep -i -A15 lang Unix username: lang NT username: Account Flags: [U ] User SID: S-1-5-21-110010030-2...

Hello I have a client who historical had a machinename with an underscore in it : samba_machine I had to get rid of the underscore names and changed the name to samba-machine. At the same time I upgraded to samba-3.0.11 to get a printer queue problem resolved. Now it seems the Domain SID has changed, so I changed the new SID back to the old one with net setlocalsid, because on all machines I had problems with logging in as domain Administrator (which was added as a local administrator , but with the old SID, so instead of the domain administrator name the old SID was listed as a lo...

Hi all, How does this look as a general approach to a SID.create method: # Creates and initializes def self.create(authority, *sub_authorities) if sub_authorities.length > 8 raise ArgumentError, ''maximum of 8 subauthorities allowed'' end authorities = Array.new(8, 0) authorities.replace(sub_authorities) count = a...

On Wednesday, 12 June 2019 13:07:56 PDT Rowland penny via samba wrote: > >> I think you mean 'RID' instead of 'SID' > > > Yes, you're right. The Windows people seem to use the terms synonymously. > I cannot help that, the SID identifies the domain and the RID is > appended to the end of the SID and identifies the object (user, > group,computer etc) > I believe a small clarific...

...hooks from [/[Default VFS]/] Initialising custom vfs hooks from [acl_xattr] Initialising custom vfs hooks from [dfs_samba4] connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol unpack_nt_owners: owner sid mapped to uid 0 unpack_nt_owners: group sid mapped to gid 512 set_nt_acl: chown /var/lib/samba/sysvol/cormatex.lan/Policies/{6AC1786C-016F-11D2-945F-00C04FB984F9}/MACHINE. uid = 0, gid = 512. idmap range not specified for domain '*' get_privileges: No privileges assigned to SID [S-1-5-21...

I have a domain with Samba 3 acting as PDC, and using LDAP (passdb backend = ldapsam). I now wanted to add a second Samba 3 machine as a simple file server. I get errors with getdomainsid and getlocalsid, so there is obviously still something wrong with my config. The PDC runs Samba 3.5.6 on Debian Squeeze. Sid queries return: # net getdomainsid SID for local machine MY_PDC_HOST is: S-1-5-21-4174501313-1202754954-1084205825 SID for domain MY_DOMAIN is: S-1-5-21-417450...

...g_sign_pdu) > signed SMB2 message > [2017/01/31 10:08:43.323568, 4] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) > setting sec ctx (5227, 513) - sec_ctx_stack_ndx = 0 > [2017/01/31 10:08:43.323612, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (45): > SID[ 0]: S-1-22-1-5227 > SID[ 1]: S-1-22-2-513 > SID[ 2]: S-1-5-21-12345678-123456789-868425949-35723 > SID[ 3]: S-1-5-32-551 > SID[ 4]: S-1-5-21-12345678-123456789-868425949-54195 > SID[ 5]: S-1-22-2-5923 > SID[ 6]: S-1-22-2-512 >...

Processing commands for control at bugs.debian.org: > tag 564974 + sid wheezy Bug #564974 [cyphesis-cpp] cyphesis-cpp: ftbfs with gcc-4.5 Added tag(s) wheezy. > tag 565026 + sid wheezy Bug #565026 [libfreebob] libfreebob: ftbfs with gcc-4.5 Added tag(s) wheezy. > tag 565051 + sid wheezy Bug #565051 [synopsis] synopsis: ftbfs with gcc-4.5 Added tag(s) wheezy. &gt...

Hi all, I have gotten the 'profiles' command to work for NT and Win2K profiles very well. In Windows XP, I am able to change the 'owner' but not the 'group' SID. It gives no errors but it just doesn't change them. A snippet of the profile in question is below: furnsrv:/data/samba/profiles/jon # profiles NTUSER.DAT |grep S-1-5 Owner SID: S-1-5-32-544 Group SID: S-1-5-21-2127521184-1604012920-1887927527-513 Perms: 000F003F, SID: S-1-5-18...

....0.4 and samba 3.0.5, recently upgraded kerberos from 1.2.7 to 1.3.3 but see no difference. Running winbindd in debug doesn't seem to indicate any problem. Heres the output of winbindd anyway, with debug level 3 after a failed login attempt from windows: [ 2627]: getgrnam QG+TEST rpc: name_to_sid name=TEST name_to_sid [rpc] TEST for domain QG ads: dn_lookup ads: dn_lookup ads: dn_lookup ads: dn_lookup ads: dn_lookup ads lookup_groupmem for sid=S-1-5-21-842925246-1647877149-1417001333-57015 [ 2627]: getgrnam QG+TEST [ 2627]: getgrnam QG+TEST [ 2629]: request interface version [ 2629]: reques...

Hi, my problem is the following: i am trying to replace an old SUSE 8.2, Samba 2.2 domain controller with a SUSE 9.3 system with samba 3.0 as PDC. Everything works fine, i can join the new domain, i replaced the machine and domain sid from the new server with the old ones. But how can reuse the profiles from the old machine at the new one? If i make a simple remote copy, the settings of the users are lost, i miss my german keyboard layout and so on. I think that this is a problem regarding the sids of the users. How can i f...

IF a samba server is setup to be a domain controller, should it's local SID = the domain SID? Also, what are the requirements of a SID? I usually see S-1-5-21-x-y-z, where x,y,z = 10 digits, but could x,y,z be 1,2,3 (for example)? I.e. do they have to be 10 digit numbers or can they be shorter? If I have a simple setup, and want a sid I can remember can I just make i...

...st a Windows 2008 AD server. Comparing the success and failure debug logs I managed to capture, I see this difference: This line is present in the log of the failed attempt, but not the successful attempt: [2014/03/21 15:38:46.920046, 10] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-5-21-3579304287-3829738268-3886208222-513 to gid, ignoring it My suspicion is that the AD server isn't responding when queried for information about this SID, or else winbind isn't doing something correctly. Given that winbind sometimes has wildly differing response times when queried...

..., 4, pid=2781, effective(0, 0), real(0, 0)] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) setting sec ctx (1003, 101) - sec_ctx_stack_ndx = 0 [2020/06/05 16:40:40.672941, 5, pid=2781, effective(0, 0), real(0, 0)] ../../libcli/security/security_token.c:63(security_token Security token SIDs (15): SID[ 0]: S-1-5-21-1151667668-222068009-1375177606-1010 SID[ 1]: S-1-5-21-1151667668-222068009-1375177606-513 SID[ 2]: S-1-5-21-1151667668-222068009-1375177606-1003 SID[ 3]: S-1-5-21-1151667668-222068009-1375177606-1006 SID[ 4]: S-1-5-21-1151667668-222068009-137517760...

...our PDC (samba 3.0.32 on SLES 10 SP2) which I kind of know how to solve after web research but I am unclear about the possible consequences for our domain and clients. The situation is this: Originally samba was set up on this machine to test. Back then its hostname was infrahostnew, so there is a SID for that NETBIOS name in secrets.tdb. When the PDC went in production, we had to change the hostname to infrahost. We then provisioned our domain MYDOMAIN. Now there is also a SID for MYDOMAIN in secrets.tdb which is different than the SID of infrahostnew. Also there is no SID at all for the new NE...

...Nikitin wrote: > On Thursday, 13 June 2019 00:41:09 PDT Rowland penny via samba wrote: >> On 13/06/2019 07:55, Alexey A Nikitin wrote: >>> On Wednesday, 12 June 2019 13:07:56 PDT Rowland penny via samba wrote: >>>>>> I think you mean 'RID' instead of 'SID' >>>>> Yes, you're right. The Windows people seem to use the terms synonymously. >>>> I cannot help that, the SID identifies the domain and the RID is >>>> appended to the end of the SID and identifies the object (user, >>>> group,computer...