[Samba] primary gid of user [desires] is not a Domain group !
C.Lee Taylor
leet at leenx.co.za
Wed Feb 18 15:06:21 GMT 2004
Greetings ...
Let's keep the list in on this, other people might be able to get
info from this too ...
Wendell Wilson wrote:
> Still more clues! Partially 'fixed.'
Okay ...
> doing ` net rpc user -S <domain name> info <user name> `
I can't get this to work ... it just does not return any thing, so I
tried a few other things, which also did not give me anything, but ...
[root at nasrec root]# net rpc info
Domain Name: XXXXX-ZA-DM
Domain SID: S-1-5-21-3795178988-3942151060-2329322268
Sequence number: 1077004228
Num users: 159
Num domain groups: 0
Num local groups: 0
Which is wierd, showing that I have no groups ... but my net
groupmap list shows four maps, why would I not have any groups ...
> I see that bob only belongs to only Domain Users. Yet, doing pdbedit
> -L -v -u bob ... shows the primary GID that matches the GID when I do
> `net groupmap list ` (same as you).
>
> Then, I ran ` pdbedit -u bob --group SID=" < domain admins SID > " `
> ... and the net rpc command shows the user belongs to both groups.
Just to be correct, it would be `pdbedit -r -u bob --group SID=" <
domain admins SID > "`, you should not forget the '-r' when modifing ...
> I am no longer getting the 'nt doesn't like it / fix it' message in my
> logs, but I still see the 'failed to decode PDU' message and 'failed
> to do schannel1 processing' when the user logs in.
I went through my LDAP DB and manual fixed all the funny RID's for
the Primary Group SID, but I am still seeing my "fix P G SID" error ...
> Does this help you any?
A little, I am looking further into this ...
> If so, do you still get the PDU messages when someone logs in?
Still, but not as much as before, will keep an eye open on this ...
>>>> Feb 9 17:31:21 eastrand smbd[2113]: [2004/02/09 17:31:21, 0]
>>>> rpc_server/srv_pipe.c:api_pipe_netsec_process(1371)
>>>> Feb 9 17:31:21 eastrand smbd[2113]: failed to decode PDU
>>>> Feb 9 17:31:21 eastrand smbd[2113]: [2004/02/09 17:31:21, 0]
>>>> rpc_server/srv_pipe_hnd.c:process_request_pdu(605)
>>>> Feb 9 17:31:21 eastrand smbd[2113]: process_request_pdu: failed
>>>> to do schannel processing.
>>>> Feb 9 17:31:26 eastrand smbd[2113]: [2004/02/09 17:31:26, 0]
>>>> rpc_server/srv_util.c:get_domain_user_groups(372)
>>>> Feb 9 17:31:26 eastrand smbd[2113]: get_domain_user_groups:
>>>> primary gid of user [desires] is not a Domain group !
>>>> Feb 9 17:31:26 eastrand smbd[2113]: get_domain_user_groups: You
>>>> should fix it, NT doesn't like that
>>>>
>>>> But if I do ...
>>>>
>>>> [root at eastrand root]# pdbedit -L -v -u desires
>>>> Unix username: desires
>>>> NT username: desires
>>>> Account Flags: [UX ]
>>>> User SID: S-1-5-21-3795178988-3942151060-2329322268-44008
>>>> Primary Group SID: S-1-5-21-3795178988-3942151060-2329322268-513
>>>> Full Name: Desire Steyn
>>>> Home Directory: \\eastrand\desires
>>>> HomeDir Drive: l:
>>>> Logon Script: login.bat
>>>> Profile Path: \\eastrand\desires\profile
>>>> Domain: XXXXX-ZA-DM
>>>> Account desc:
>>>> Workstations:
>>>> Munged dial:
>>>> Logon time: 0
>>>> Logoff time: Fri, 13 Dec 1901 22:45:51 GMT
>>>> Kickoff time: Fri, 13 Dec 1901 22:45:51 GMT
>>>> Password last set: Thu, 13 Feb 2003 13:24:06 GMT
>>>> Password can change: 0
>>>> Password must change: Fri, 13 Dec 1901 22:45:51 GMT
>>>> [root at eastrand root]#
>>>>
>>>> Now I have an LDAP passdb, and I have done a
>>>> [root at eastrand root]# net groupmap list
>>>> Domain Users (S-1-5-21-3795178988-3942151060-2329322268-513) ->
>>>> ntusers
>>>> Domain Computers (S-1-5-21-3795178988-3942151060-2329322268-515) ->
>>>> machines
>>>> Domain Admins (S-1-5-21-3795178988-3942151060-2329322268-512) ->
>>>> ntadmin
>>>> Domain Guests (S-1-5-21-3795178988-3942151060-2329322268-514) ->
>>>> nobody
>>>>
>>>> And
>>>>
>>>> [root at eastrand root]# getent passwd |grep -i des
>>>> desires:x:21504:10000:Desire:/home/users/desires:/sbin/nologin
>>>
More information about the samba
mailing list