Re: [Samba] Samba 3.6.6 - Debian 7

Tue, 28 May 2013 11:21:14 -0700 

Hi Marco,


I use Samba + Ldapas a domain controller but after the update the
version of Debian6 to Debain 7I can't authenticate my users in the Samba
server.

logs:


[2013/05/23 08:29:55.811240,  1] auth/server_info.c:386(samu_to_SamInfo3)
   The primary group domain
sid(S-1-5-21-3651478259-4121578499-3132057975-513) does not match the
domain sid(S-1-5-21-3182595135-1874831366-4239877494) for
user(S-1-5-21-3182595135-1874831366-4239877494-60012)
[2013/05/23 08:29:55.811383,  0]
auth/check_samsec.c:491(check_sam_security)
   check_sam_security: make_server_info_sam() failed with
'NT_STATUS_UNSUCCESSFUL'


# net getlocalsid
SID for domain ROCKY is: S-1-5-21-2260219023-4180104146-1160048873

# net getdomainsid
SID for local machine ROCKY is: S-1-5-21-2260219023-4180104146-1160048873
SID for domain PRINTERRESERVA is: S-1-5-21-3651478259-4121578499-3132057975

#pdbedit -v user
User SID: S-1-5-21-3182595135-1874831366-4239877494-60012
Primary Group SID: S-1-5-21-3651478259-4121578499-3132057975-513
You user SID is composed of the domain SID (ie S-1-5-21-3182595135-1874831366-4239877494-60012), which is the same for all users and groups of a domain, and the end part which is the user RID (relative ID) -60012. 

Same thing for your group SID.
So you can see here that the domain SID part of the user SID is not the same as the domain SID S-1-5-21-3651478259-4121578499-3132057975. That is what your debug log message basically says. I don't think that it is just a squeeze to wheezy upgrade that would have messed'up that much with you ldap entries. You should double check your ldap. 

And take a look at samba4, it is much easier to setup and manage.

Cheers,

Denis







Thanks,


Marcos.




--
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint SĂ©bastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/51a4efee.4010...@tranquil-it-systems.fr

Reply via email to