SAMBA - Problem modifying SID using pdbedit
After changing the SID of any account, eg:
pdbedit -U S-1-5-21-2411803954-115957
...the SID *is* changed successfully, but I get the following error:
| Unable to modify TDB passwd ! Error: Record does not exist
| occured while storing the RID index (RID_000001f4)
| Unable to modify entry!
From this point whenever I try to change the password using smbpasswd, I get a similar error to that above.
Using pdbedit -x to remove the account gives the error "Unable to delete user <user>", but pdbedit -L doesn't list the account any more.
Using tdbdump I find there is a remnant left over in passdb.tdb. Eg:
{
key(13) = "RID_00000bbc\00"
data(5) = "test\00"
}
{
key(13) = "INFO/version\00"
data(4) = "\02\00\00\00"
}
This problem only happens after changing the SID on an account.
Many thanks,
Steve :)
pdbedit -U S-1-5-21-2411803954-115957
...the SID *is* changed successfully, but I get the following error:
| Unable to modify TDB passwd ! Error: Record does not exist
| occured while storing the RID index (RID_000001f4)
| Unable to modify entry!
From this point whenever I try to change the password using smbpasswd, I get a similar error to that above.
Using pdbedit -x to remove the account gives the error "Unable to delete user <user>", but pdbedit -L doesn't list the account any more.
Using tdbdump I find there is a remnant left over in passdb.tdb. Eg:
{
key(13) = "RID_00000bbc\00"
data(5) = "test\00"
}
{
key(13) = "INFO/version\00"
data(4) = "\02\00\00\00"
}
This problem only happens after changing the SID on an account.
Many thanks,
Steve :)
ASKER
Thanks pablouruguay...
AFAIK, the UID:GID in /etc/passwd bears no relation to the SID given to accounts by Samba. However, I tried your suggestion and it didn't work.
/etc/passwd contains:
administrator:*:1001:1001:
pdbedit -Lv administrator gives (after I changed the SID):
Unix username: administrator
NT username:
Account Flags: [U ]
User SID: S-1-5-21-2411803954-115957
Primary Group SID: S-1-5-21-2411803954-115957
Full Name: Domain Administrator
AFAIK, the UID:GID in /etc/passwd bears no relation to the SID given to accounts by Samba. However, I tried your suggestion and it didn't work.
/etc/passwd contains:
administrator:*:1001:1001:
pdbedit -Lv administrator gives (after I changed the SID):
Unix username: administrator
NT username:
Account Flags: [U ]
User SID: S-1-5-21-2411803954-115957
Primary Group SID: S-1-5-21-2411803954-115957
Full Name: Domain Administrator
Try the following (with another SID):
pdbedit -U S-1-5-21-2411803954-115957
pdbedit -U S-1-5-21-2411803954-115957
ASKER
Hi Nopius,
Nopes, same problem I'm afraid. Anyway, I have to set the RID to 500 as per MS Windows 'well-known' RID which will then match the domain administrator. I'm following the official Samba-3 Howto and reference guide, and I've also posted to the Samba lists, but no reply from them either :(
Steve
Nopes, same problem I'm afraid. Anyway, I have to set the RID to 500 as per MS Windows 'well-known' RID which will then match the domain administrator. I'm following the official Samba-3 Howto and reference guide, and I've also posted to the Samba lists, but no reply from them either :(
Steve
yes, I saw your post there. That's probably a bug unless a configuration error. Also I recommend you to compile the latest development version.
There where some SIP related bugs, probably fixed there.
I saw similar problem in mail archive, but it was resolved with ajusting SID to some other value, which is not your case.
There where some SIP related bugs, probably fixed there.
I saw similar problem in mail archive, but it was resolved with ajusting SID to some other value, which is not your case.
yes i agree with Nopius, is really extrange problem. maybe a bug
ASKER
Well, I found a workaround, which is to delete the account, and set the RID in the same command as creating the account.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
you need to have the same SID in the samba and in the system, change in the samba but change in the /etc/passwd file too and try again