SAMBA - Problem modifying SID using pdbedit

Posted on 2006-07-04
Last Modified: 2008-01-09
After changing the SID of any account, e.g.:

pdbedit -U S-1-5-21-2411803954-1159576741-3064619986-500 -u administrator -r

...the SID *is* changed successfully, but I get the following error:

| Unable to modify TDB passwd ! Error: Record does not exist
|  occured while storing the RID index (RID_000001f4)
| Unable to modify entry!

From this point, whenever I try to change the password using smbpasswd, I get a similar error to that above.

Using pdbedit -x to remove the account gives the error "Unable to delete user <user>", but pdbedit -L doesn't list the account any more.

Using tdbdump I find there is a remnant left over in passdb.tdb, e.g.:

{
key(13) = "RID_00000bbc\00"
data(5) = "test\00"
}
{
key(13) = "INFO/version\00"
data(4) = "\02\00\00\00"
}

This problem only happens after changing the SID on an account.

Many thanks,
Steve :)
Question by:sda100
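
A check for the leftover index records described in the question, as an added example that is not part of the original post: it parses tdbdump text and reports RID_ index entries whose username has no account record. It assumes account records are keyed USER_<name> (the tdbsam layout in Samba 3); the sample dump is constructed.

```python
import re

# Constructed sample in the tdbdump format from the question: one healthy
# account (USER_ record plus its RID index) and the orphaned index for "test".
# The USER_ data blob is a shortened placeholder, not a real account record.
SAMPLE_DUMP = r'''{
key(19) = "USER_administrator\00"
data(4) = "\00\00\00\00"
}
{
key(13) = "RID_000001f4\00"
data(14) = "administrator\00"
}
{
key(13) = "RID_00000bbc\00"
data(5) = "test\00"
}
'''

RECORD = re.compile(r'key\(\d+\) = "(.*)"\s*\n\s*data\(\d+\) = "(.*)"')

def strip_nul(text):
    # tdbdump prints the trailing NUL byte of each string as the escape \00
    return text[:-3] if text.endswith("\\00") else text

def parse_records(dump):
    return [(strip_nul(k), strip_nul(v)) for k, v in RECORD.findall(dump)]

def rid_index_key(sid):
    # The RID is the last sub-authority of the SID; the index key holds it in hex.
    return "RID_%08x" % int(sid.rsplit("-", 1)[1])

def orphaned_rid_indexes(dump):
    """Return (key, rid, username) for RID indexes with no USER_ record."""
    records = parse_records(dump)
    users = {k[len("USER_"):] for k, _ in records if k.startswith("USER_")}
    return [(k, int(k[len("RID_"):], 16), v)
            for k, v in records
            if k.startswith("RID_") and v not in users]

if __name__ == "__main__":
    for key, rid, user in orphaned_rid_indexes(SAMPLE_DUMP):
        print(f"orphaned {key} (RID {rid}) -> missing user {user!r}")
```

Feed it the text output of tdbdump run against a copy of passdb.tdb; rid_index_key shows why the error for RID 500 names RID_000001f4.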
 
LVL 14

Expert Comment

by:pablouruguay
ID: 17038521
Only for comment:
you need to have the same SID in Samba and in the system; change it in Samba, but change it in the /etc/passwd file too, and try again.
0
 
LVL 9

Author Comment

by:sda100
ID: 17038650
Thanks pablouruguay...

AFAIK, the UID:GID in /etc/passwd bears no relation to the SID given to accounts by Samba.  However, I tried your suggestion and it didn't work.

/etc/passwd contains:

administrator:*:1001:1001:Domain Administrator:/home/administrator:/usr/sbin/nologin

pdbedit -Lv administrator gives (after I changed the SID):

Unix username:        administrator
NT username:
Account Flags:        [U          ]
User SID:             S-1-5-21-2411803954-1159576741-3064619986-500
Primary Group SID:    S-1-5-21-2411803954-1159576741-3064619986-512
Full Name:            Domain Administrator
0
 
LVL 27

Expert Comment

by:Nopius
ID: 17055919
Try the following (with another SID):
pdbedit -U S-1-5-21-2411803954-1159576741-3064619986-1001 -u administrator -r

0
 
LVL 9

Author Comment

by:sda100
ID: 17056417
Hi Nopius,

Nopes, same problem I'm afraid.  Anyway, I have to set the RID to 500 as per MS Windows 'well-known' RID which will then match the domain administrator.  I'm following the official Samba-3 Howto and reference guide, and I've also posted to the Samba lists, but no reply from them either :(

Steve
0
 
LVL 27

Expert Comment

by:Nopius
ID: 17056477
Yes, I saw your post there. That's probably a bug unless a configuration error. Also, I recommend that you compile the latest development version.
There were some SIP related bugs, probably fixed there.
I saw a similar problem in the mail archive, but it was resolved by adjusting the SID to some other value, which is not your case.
0
 
LVL 14

Expert Comment

by:pablouruguay
ID: 17057677
Yes, I agree with Nopius, it is a really strange problem. Maybe a bug.
0
 
LVL 9

Author Comment

by:sda100
ID: 17214377
Well, I found a workaround, which is to delete the account, and set the RID in the same command as creating the account.
0
 
LVL 1

Accepted Solution

by:
DarthMod earned 0 total points
ID: 17419344
PAQed with points refunded (500)

DarthMod
Community Support Moderator
0
