Using the older /usr/bin/profile (version number 3.0.33-3.29.el5_5.1) I can execute the following command line and I get he desired effect of changing the SID for the user within the registry file (I renamed the original version) /usr/bin/profiles_old -c S-1-5-21-HIDDEN-HIDDEN-581009308-5424 -n S-1-5-21-HIDDEN-HIDDEN-581009308-5452 NTUSER.DAT Using the current /usr/bin/profile (version number 3.6.6-0.129.el5) I cannot change the SID within the SAME file, as I get lots of errors: ndr_pull_security_descriptor failed: Buffer Size Error prs_grow: Buffer overflow - unable to expand buffer by 36 bytes. ndr_pull_security_descriptor failed: Buffer Size Error prs_grow: Buffer overflow - unable to expand buffer by 36 bytes. ndr_pull_security_descriptor failed: Buffer Size Error prs_grow: Buffer overflow - unable to expand buffer by 36 bytes. .... .... .... regfio_rootkey: corrupt registry file ? No root key record located Could not get rootkey I have searched the net and have asked many times to get an answer. I have not been able to do this for quite some time. I rely on this for new user configuration. thanks Jobst
Is the title misleading? With 3.0.x it worked, but with 3.6.6 it fails? Do you have checked with other releases as well (just for curiosity)?
(In reply to comment #2) > Is the title misleading? With 3.0.x it worked, but with 3.6.6 it fails? Do you > have checked with other releases as well (just for curiosity)? Title is not misleading, it works with a 3.0.33-3.29 "profile" binary but it does not work with a 3.6.6-0.129 "profile" binary. I know that in 12 November 2011 I updated to the samba-common-3.0.33-3.29.el5_5.1.x86_64 series as per YUM log, but then I changed across to the samba3x branch on the 25.11.2011, and my problems started with the profile binary. I have just checked my YUM logs, I can see them as far back as: - 3.5.4-0.83.el5_7.2.x86_64 - 3.5.10-0.109.el5_8.x86_6 - 3.5.10-0.110.el5_8.x86_64 - 3.6.6-0.129.el5.x86_64 I know it did not work with any of those samba3x, but I always kept the older version of the "profile" binary. I know it was a clear choice I did at the time, because of reading various messages on CentOS and Samba based mailing lists, especially because of growing numbers of Windows 7 workstations in my company, so I am really happy using the samba3x branch. The only thing that bothers me a bit is the problem I am having is with the profile binary. I checked out the source code and around line 260 (from memory) there is if ((nk = regfio_rootkey( infile )) == NULL) { fprintf(stderr, "Could not get rootkey\n"); exit(3); } but, sorry, I don't know what regfio_rootkey is doing, have not had the time to understand that part (I have a comp sci degree with post grad). So in short, it seems to work with the samba- branch but not with the samba3x- branch. It may just be that the registry file that is expected is of different format? Does it expect a Win7 registry file but it is getting a WinXP file? But that is not good as it has to work with a WinXP registry format too? thanks Jobst
Any news on this one?
Seems to me as if this was broken a long time ago with commit 8000479d. Will have a deeper look
Created attachment 10241 [details] TODO: samba-tool replace-binary-sid I found that 'profiles' is completely broken and corrupts the NTUSER.dat as it doesn't copy everything. The aim of just fixing up the sid of the user can be done by just replacing the binary sid buffers. Christian can you have a look? Also notice the following discussion: https://lists.samba.org/archive/samba-technical/2013-April/thread.html#91650
Hello guys, i can confirm this problem still exist in samba.x86_64 3.6.9-169.el6_5 btw. i also tried it in samba4.x86_64 4.0.0-63.el6_5.rc4 and it is still broken there too. Thanks to Jobst suggestion, i downloaded the older Samba and get it going with the old binary i extracted from it. what i did: - download samba-common-3.0.33-3.29.el5_5.1.i386.rpm - extract /usr/bin/profiles file - put the file to e.g. /opt - ./profiles -v -c old-SID -n new-SID NTUSER.DAT - installed due deps: yum -y install 1:compat-openldap-2.3.43-2.el6.i686 yum -y install popt-1.13-7.el6.i686
Created attachment 10405 [details] proposed patch The attached patches make profiles work again for me and the resulting files can be loaded without error message in the Windows Registry Editor. Comparing the input and output visually in regedit revealed no missing or corrupted entries, but I have to admit I only look at a few places, not all the keys that were stored in my test files. I can run checks with regdiff but I couldn't figure out how to make regdiff work against two local registry files. Metze, can you tell me how to do that?
Comment on attachment 10405 [details] proposed patch I'm not sure if this fixes all problems, but the patches look like a very good improvement, please push them to master with my review. I don't remember how I tested with regdiff. At least I checked the resulting file size and the diff of hexdump -C. The new file was much smaller and missed a lot of information.
Created attachment 10494 [details] Cherry-picked fixes from master for 4.1 and 4.2 The patches have landed in master, so let's get them into 4.1 and 4.2 as well.
Comment on attachment 10494 [details] Cherry-picked fixes from master for 4.1 and 4.2 Looks, good for 4.1 and 4.2. Should we also backport to 4.0?
The patches apply cleanly to v4-0 as well. So Karolin, please pick for 4.0, 4.1 and 4.2. Thanks
Pushed to autobuild-v4-[0|1|2]-test.
(In reply to Karolin Seeger from comment #13) Pushed to v4-2-test.
(In reply to Stefan (metze) Metzmacher from comment #14) Pushed to v4-0-test and v4-1-test also. Closing out bug report. Thanks!