[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

SAMBA - Problem modifying SID using pdbedit

Posted on 2006-07-04
9
Medium Priority
?
854 Views
Last Modified: 2008-01-09
After changing the SID of any account, eg:

pdbedit -U S-1-5-21-2411803954-1159576741-3064619986-500 -u administrator -r

...the SID *is* changed successfully, but I get the following error:

| Unable to modify TDB passwd ! Error: Record does not exist
|  occured while storing the RID index (RID_000001f4)
| Unable to modify entry!

From this point whenever I try to change the password using smbpasswd, I get a similar error to that above.

Using pdbedit -x to remove the account gives the error "Unable to delete user <user>", but pdbedit -L doesn't list the account any more.

Using tdbdump I find there is a remnant left over in passdb.tdb.  Eg:

{
key(13) = "RID_00000bbc\00"
data(5) = "test\00"
}
{
key(13) = "INFO/version\00"
data(4) = "\02\00\00\00"
}

This problem only happens after changing the SID on an account.

Many thanks,
Steve :)
0
Comment
Question by:sda100
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
9 Comments
 
LVL 14

Expert Comment

by:pablouruguay
ID: 17038521
only for comment
you need to have the same SID in the samba and in the system, change in the samba but change in the /etc/passwd file too and try again
0
 
LVL 9

Author Comment

by:sda100
ID: 17038650
Thanks pablouruguay...

AFAIK, the UID:GID in /etc/passwd bears no relation to the SID given to accounts by Samba.  However, I tried your suggestion and it didn't work.

/etc/passwd contains:

administrator:*:1001:1001:Domain Administrator:/home/administrator:/usr/sbin/nologin

pdbedit -Lv administrator gives (after I changed the SID):

Unix username:        administrator
NT username:
Account Flags:        [U          ]
User SID:             S-1-5-21-2411803954-1159576741-3064619986-500
Primary Group SID:    S-1-5-21-2411803954-1159576741-3064619986-512
Full Name:            Domain Administrator
0
 
LVL 27

Expert Comment

by:Nopius
ID: 17055919
Try the following (with another SID):
pdbedit -U S-1-5-21-2411803954-1159576741-3064619986-1001 -u administrator -r

0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 9

Author Comment

by:sda100
ID: 17056417
Hi Nopius,

Nopes, same problem I'm afraid.  Anyway, I have to set the RID to 500 as per MS Windows 'well-known' RID which will then match the domain administrator.  I'm following the official Samba-3 Howto and reference guide, and I've also posted to the Samba lists, but no reply from them either :(

Steve
0
 
LVL 27

Expert Comment

by:Nopius
ID: 17056477
yes, I saw your post there. That's probably a bug unless a configuration error. Also I recommend you to compile the latest development version.
There where some SIP related bugs, probably fixed there.
I saw similar problem in mail archive, but it was resolved with ajusting SID to some other value, which is not your case.
0
 
LVL 14

Expert Comment

by:pablouruguay
ID: 17057677
yes i agree with Nopius, is really extrange problem. maybe a bug
0
 
LVL 9

Author Comment

by:sda100
ID: 17214377
Well, I found a workaround, which is to delete the account, and set the RID in the same command as creating the account.
0
 
LVL 1

Accepted Solution

by:
DarthMod earned 0 total points
ID: 17419344
PAQed with points refunded (500)

DarthMod
Community Support Moderator
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question