mismatched domain causes wierd behaviour
Andrew Bartlett
abartlet at samba.org
Wed Sep 24 23:08:44 GMT 2003
On Thu, 2003-09-25 at 06:40, Brad Langhorst wrote:
> Obviously the SID in the tdbs must match the SID in ldap for proper
> operation...
>
> During my last upgrade I must have forgotten to restore the SID with net
> setlocalsid but domain logons, printing, etc. worked just fine.
>
> I only detected the problem when adding a new machine failed with
> cryptic messages in the log about not finding the computer in the ldap
> store.
>
> I finally figured it out after much gnashing of teeth.
>
> Perhaps it would make sense to put in some kind of check that these SIDs
> are the same...
There is... I added that code to pdb_ldap. What's not functioning
about it?
> or better yet just use one to populate the other...
> or even better still just have the SID in one place so this can't
> happen.
That part is difficult, as not all the places that need it should really
need to poke at LDAP etc. (But I had considered that as a design, for
this very good reason).
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20030924/a510ef19/attachment.bin
More information about the samba-technical
mailing list