Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 918
  • Last Modified:

SAMBA - Problem modifying SID using pdbedit

After changing the SID of any account, eg:

pdbedit -U S-1-5-21-2411803954-1159576741-3064619986-500 -u administrator -r

...the SID *is* changed successfully, but I get the following error:

| Unable to modify TDB passwd ! Error: Record does not exist
|  occured while storing the RID index (RID_000001f4)
| Unable to modify entry!

From this point whenever I try to change the password using smbpasswd, I get a similar error to that above.

Using pdbedit -x to remove the account gives the error "Unable to delete user <user>", but pdbedit -L doesn't list the account any more.

Using tdbdump I find there is a remnant left over in passdb.tdb.  Eg:

{
key(13) = "RID_00000bbc\00"
data(5) = "test\00"
}
{
key(13) = "INFO/version\00"
data(4) = "\02\00\00\00"
}

This problem only happens after changing the SID on an account.

Many thanks,
Steve :)
0
sda100
Asked:
sda100
  • 3
  • 2
  • 2
  • +1
1 Solution
 
pablouruguayCommented:
only for comment
you need to have the same SID in the samba and in the system, change in the samba but change in the /etc/passwd file too and try again
0
 
sda100Author Commented:
Thanks pablouruguay...

AFAIK, the UID:GID in /etc/passwd bears no relation to the SID given to accounts by Samba.  However, I tried your suggestion and it didn't work.

/etc/passwd contains:

administrator:*:1001:1001:Domain Administrator:/home/administrator:/usr/sbin/nologin

pdbedit -Lv administrator gives (after I changed the SID):

Unix username:        administrator
NT username:
Account Flags:        [U          ]
User SID:             S-1-5-21-2411803954-1159576741-3064619986-500
Primary Group SID:    S-1-5-21-2411803954-1159576741-3064619986-512
Full Name:            Domain Administrator
0
 
NopiusCommented:
Try the following (with another SID):
pdbedit -U S-1-5-21-2411803954-1159576741-3064619986-1001 -u administrator -r

0
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
sda100Author Commented:
Hi Nopius,

Nopes, same problem I'm afraid.  Anyway, I have to set the RID to 500 as per MS Windows 'well-known' RID which will then match the domain administrator.  I'm following the official Samba-3 Howto and reference guide, and I've also posted to the Samba lists, but no reply from them either :(

Steve
0
 
NopiusCommented:
yes, I saw your post there. That's probably a bug unless a configuration error. Also I recommend you to compile the latest development version.
There where some SIP related bugs, probably fixed there.
I saw similar problem in mail archive, but it was resolved with ajusting SID to some other value, which is not your case.
0
 
pablouruguayCommented:
yes i agree with Nopius, is really extrange problem. maybe a bug
0
 
sda100Author Commented:
Well, I found a workaround, which is to delete the account, and set the RID in the same command as creating the account.
0
 
DarthModCommented:
PAQed with points refunded (500)

DarthMod
Community Support Moderator
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 3
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now