NAVIGATION
CATEGORIES
REFERRENCE
LINKS
Concern about 3.0.22->3.0.23b upgrade (algorithmic SIDsissue)
1 answers - 1070 bytes -
I'm compiling samba-3.0.23b as I write this. However, after studying the
documentation, I have some serious concerns about installing it.
The WHATSNEW file says that the method of mapping unix-native uids and
gids to SIDs has changed since 3.0.22. As I read this, this would imply
that upgrading Samba will cause much breakage because domain users will no
longer be able to access files they saved on their own harddisks.
The obvious way to fix this is to insert explicit mappings to the (now
legacy) algorithmic SIDs into Samba. But while it is possible to do this
with the "net groupmap" command for gids, there's no "net usermap" command
to do it with uids. And the user IDs are the bulk of the problem.
As I read the documentation, dumping the winbindd database, tampering
with it, and then restoring it might have the needed effect. But I don't
use winbindd
So, what's the procedure for a _seamless_ 22 -23b upgrade?
Michael Deutschmann <michael (AT) talamasca (DOT) ocis.net>No.1 | | 1699 bytes |
| 
PGP SIGNED MESSAGE
Hash: SHA1
Michael,
The WHATSNEW file says that the method of mapping
unix-native uids and gids to SIDs has changed since 3.0.22.
As I read this, this would imply that upgrading Samba
will cause much breakage because domain users will no
longer be able to access files they saved on their
own harddisks.
The obvious way to fix this is to insert explicit
mappings to the (now legacy) algorithmic SIDs into Samba.
But while it is possible to do this with the "net
groupmap" command for gids, there's no "net usermap"
command to do it with uids. And the user IDs are
the bulk of the problem.
I would recommend a couple of things:
(a) Use a test server. The 3.0.23 series has some
aggressive changes wrt to user's and groups.
(b) get the proposed 3.0.23c upgrade patch for 3.0.23b from
http://samba.org/~
This fixes several issues with standalone servers, domain
controllers, and local users on member servers.
Now a few comments:
If you are running a member server and using winbindd,
the SID allocation for domain users and groups does not
change.
You can use "net groupmap" to set up SIDs for groups
and 'pdbedit -a' to add users to the passdb (which
will give them an explicit SID in the machine's domain).
cheers, jerry
Samba http://www.samba.org
Centeris http://www.centeris.com
"What man is a man who does not make the world better?"
PGP SIGNATURE
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
XpnXIyaecRNKl/zTZV7Knh0=
=uCNk
PGP SIGNATURE
QUESTION ON "Samba"
- winbindd and NT_STATUS_INVALID_COMPUTER_NAME
- [Fwd: Excel error]
- Using Samba on HP-UX and Windows 2000
- Winbind Problem after Update from 3.0.21b -> 3.0.23b
- Winbind Problem after Update from 3.0.21b -> 3.0.23b
- Error was Permission denied
- Windows 2003 server unable to join a Samba PDC
- Strange Usermapping problem with 3.0.23b
- Please help concerning my posting from 2004
- Wrong Username reported to MS Office if file is openedalready
- Preliminary 3.0.23c patch for testing and review
- Permission Problem --Windows or UNIX?
- Re-exporting CIFS file systems
- C99 structure initialisers and Samba3
- Excel error
- Never send the LM response on cached credentials
- Samba instead of SBS2k+3
- release_posix_lock: unable to find entry to delete withSamba3.0.23b on Redhat ES4
- samba4 readiness
- LDAP questions and password generation