[Samba] Samba/LDAP share issue -- user with invalid SID

tms3 at tms3.com tms3 at tms3.com
Mon May 17 17:15:14 MDT 2010


SNIP
>
>>
>> SID for domain SL1 is: S-1-5-21-1557386430-3227286864-500253393
>> SID for domain CHEMBMB is: S-1-5-21-4167008922-1292391803-4044586981
>>
>> 7) Users have both user and group SIDs in the form
>> "S-1-5-21-4167008922-1292391803-4044586981-[unique number]", which is
>> generated according to the rules the smbldap tools use.

You have two different domains. And the users are in CHEMBMB and the 
server is a member of SL1.  Why not join SL1 to CHEMBMB?
>
>>
>>
>>
>> 8) testparm on sl1 returns the following:
>>
>> Load smb config files from /etc/samba/smb.conf
>> Processing section "[homes]"
>> Processing section "[itadmins]"
>> Loaded services file OK.
>> Server role: ROLE_STANDALONE
>> Press enter to see a dump of your service definitions
>>
>> [global]
>> workgroup = CHEMBMB
>> server string = %h server (Samba, Ubuntu)
>> map to guest = Bad User
>> obey pam restrictions = Yes
>> passdb backend = ldapsam:ldaps://multivac.chem.umass.edu
>> pam password change = Yes
>> passwd program = /usr/bin/passwd %u
>> passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>> unix password sync = Yes
>> syslog = 255
>> log file = /var/log/samba/log.%m
>> max log size = 1000
>> dns proxy = No
>> ldap admin dn = cn=admin,dc=cns
>> ldap group suffix = ou=Chemistry groups
>> ldap suffix = ou=Chemistry,dc=cns
>> ldap ssl = no
>> ldap user suffix = ou=Chemistry users
>> usershare allow guests = Yes
>> panic action = /usr/share/samba/panic-action %d
>> invalid users = root
>>
>> [homes]
>> comment = Home Directories
>> read only = No
>> browseable = No
>>
>> [itadmins]
>> comment = Shared directory for the IT group
>> path = /home/itadmins
>> valid users = spalmer, amckenzie
>> read only = No
>> create mask = 0665
>> directory mask = 0775
>>
>>
>>
>> Any advice would be appreciated -- I'm well beyond my understanding of
>> samba at the moment, and my understanding of samba is well beyond what
>> it was 48 hours ago.  At the moment neither server is mission critical,
>> so tests that take them temporarily off-line are possible.  By early
>> next week things will be authenticating against the LDAP server (we've
>> got no choice -- the old LDAP server is failing fast), so I won't be
>> able to take it down for testing.
>>
>> Thanks in advance,
>> Alex McKenzie
>> alex at chem.umass.edu
>>
>>
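
An added example, not part of the original thread: a small Python check that reports which domain SID each account's `sambaSID` and `sambaPrimaryGroupSID` sits under, using the two `SID for domain ... is:` lines quoted above. The LDIF entries and their RIDs are constructed for illustration, and `parse_domain_sids`, `split_sid` and `audit` are hypothetical helper names.

```python
import re

# The two "SID for domain" lines exactly as quoted in the thread.
NET_OUTPUT = """\
SID for domain SL1 is: S-1-5-21-1557386430-3227286864-500253393
SID for domain CHEMBMB is: S-1-5-21-4167008922-1292391803-4044586981
"""

# Constructed sample LDIF; the RIDs (3002, 3004, 513) are made up.
SAMPLE_LDIF = """\
dn: uid=spalmer,ou=Chemistry users,ou=Chemistry,dc=cns
uid: spalmer
sambaSID: S-1-5-21-4167008922-1292391803-4044586981-3002
sambaPrimaryGroupSID: S-1-5-21-4167008922-1292391803-4044586981-513

dn: uid=amckenzie,ou=Chemistry users,ou=Chemistry,dc=cns
uid: amckenzie
sambaSID: S-1-5-21-4167008922-1292391803-4044586981-3004
sambaPrimaryGroupSID: S-1-5-21-1557386430-3227286864-500253393-513
"""

SID_RE = re.compile(r"^S-1-5-21-\d+-\d+-\d+$")

def parse_domain_sids(text):
    """Map domain SID -> domain name from 'SID for domain X is: S-...' lines."""
    found = re.findall(r"SID for domain (\S+) is: (S-[\d-]+)", text)
    return {sid: name for name, sid in found}

def split_sid(sid):
    """Split an account SID into (domain SID, RID); reject malformed input."""
    domain, _, rid = sid.strip().rpartition("-")
    if not SID_RE.match(domain) or not rid.isdigit():
        raise ValueError(f"not a domain account SID: {sid!r}")
    return domain, int(rid)

def audit(ldif, domains, expected):
    """List (uid, attribute, owning domain or None) for SIDs not under `expected`."""
    findings, uid = [], None
    for line in ldif.splitlines():
        key, _, value = line.partition(": ")
        if key == "uid":
            uid = value
        elif key in ("sambaSID", "sambaPrimaryGroupSID"):
            owner = domains.get(split_sid(value)[0])
            if owner != expected:
                findings.append((uid, key, owner))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_LDIF, parse_domain_sids(NET_OUTPUT), "SL1"))
```

Auditing against `SL1` flags every SID that carries the CHEMBMB prefix, while auditing against `CHEMBMB` flags only the one constructed group SID that carries the SL1 prefix.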


