Bug 1207 - When the hostname is changed, group resolution via Explorer for groups previously mapped with netgroupmap does not work
Summary: When the hostname is changed, group resolution via Explorer for groups previo...
Status: RESOLVED WONTFIX
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: File Services (show other bugs)
Version: 3.0.2a
Hardware: Other All
: P2 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-03-22 15:03 UTC by Marc Kaplan
Modified: 2005-02-25 10:18 UTC (History)
3 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Marc Kaplan 2004-03-22 15:03:32 UTC
I experience this problem by doing the following:
1. Start with hostnameA
2. Create some groups
3. Map them with net groupmap
4. Add these groups as ACEs to ACLs via explorer
5. Change your hostname
6. Look at the ACLs you set in step 4. Notice that the groups cannot be mapped 
to groupnames, but instead show as SIDs.

When this happens the following is printed in log.smbd:
  init_sam_user_info_21A: User admin has Primary Group SID 
S-1-5-21-4202287564-1893543878-3578013228-
1201,
  which conflicts with the domain sid S-1-5-21-754054363-3587102059-2320492328.  
Failing operation.
[2004/03/22 22:14:59, 0] rpc_parse/parse_samr.c:init_sam_user_info21A(6064)
  init_sam_user_info_21A: User admin has Primary Group SID 
S-1-5-21-4202287564-1893543878-3578013228-
1201,
  which conflicts with the domain sid S-1-5-21-754054363-3587102059-2320492328.  
Failing operation.

This, according to abartlet is because we are changing the local SAM SID, when 
the hostname changes, and perhaps we shouldn't be doing that. I resolved my 
problem by doing the following:

for i in `cat list of groups`
do net groupmap delete $i
done

for i in `cat list of groups`
do net groupmap add $i
done

/etc/rc.d/init.d/smbd restart

But this, according to abartlet was "totally bogus" ;). He thinks net 
getlocalsid/setlocalsid should be used here, and that there should be no user 
intervention when this kind of things happens, which I would have to agree with.
Comment 1 Andrew Bartlett 2005-02-19 02:41:48 UTC
I'm not doing that kind of Samba3 stuff any more.  Reassign (sorry Jerry)
Comment 2 Gerald (Jerry) Carter (dead mail address) 2005-02-25 10:18:12 UTC
Currently this is expected behavior and documented as well.
When you change the name, the local SID changes and so
all the group mapping are invalidated.  We could do better 
at this, but the current behavior is by design.  Feel free 
to submit a patch.