[Samba] Re: Samba PDC Problem

Tue Jul 27 13:53:24 GMT 2004

If you tried different configurations for testing, it might ends up with
inconsistent SIDs.

net getlocalsid

will show what SID samba thinks and see if it is the consistent with your
users accounts' SID or administrators SID in LDAP server. If not, then you
know where your problem is.

If all your accounts in ldap has consistent SID but the samba SID is
different, the easist fix is
net setlocalsid <domain part of SID from LDAP>

Another consideration, have you join your PDC server into your domain? I
know it is wired but your PDC will not be in your LDAP unless you join it
into the domain. I don't know if this has anything to do with your problem.

The last one is well-documented: on XP you need to set certain registry
parameter, which I don't rember now, to zero.

Hope this helps.

-- Kang

"Kiryl Hakhovich" <administrator at bsolution.net> wrote in message
news:41052E94.3070908 at bsolution.net...
> Hey Michael,
>
> thanks for a quick response.
>
> When i try to use BCHECKUP\Administrator it says "The parameter is
> incorrect" and does not work with ldap at all.
>
> (BCHECKUP is my domain name)
>
> I guess something wacky about my configs?
>
> Thanks.
>
>
> Michael Wray wrote:
>
> > Sounds like Samba SID doesn't match SID being sent by XP workstation,
which
> > btw is what is being sent, not USERNAME Administrator.  TO make sure it
> > works for Admin's user name send sambamachinename\Administrator as the
> > username...then the sid's should match.
> >
> > -----Original Message-----
> > From: samba-bounces+mwray=s4f.com at lists.samba.org
> > [mailto:samba-bounces+mwray=s4f.com at lists.samba.org]On Behalf Of Kiryl
> > Hakhovich
> > Sent: Monday, July 26, 2004 10:45 AM
> > To: samba at lists.samba.org
> > Subject: [Samba] Samba PDC Problem
> >
> >
> > Hello guys,
> >
> > I have a Samba 3.0.4 on FC2, it has LDAP backend. Machine authenticate
> > users with no problem.
> > However when i try to add XP client to domain, from that workstation, it
> > asking for Administrator password to join to the Domain and them says
> > "Login failure: unknown user name or bad password". And at the same time
> >   record does inserts into the LDAP!? I can see it right after i got
> > message on the screen about error.
> >
> > Now here is a part from server log:
> > ----------
> > Jul 26 11:34:13 fileserver smbd[27897]: [2004/07/26 11:34:13, 0]
> > passdb/pdb_ldap.c:ldapsam_add_sam_account(1587)
> > Jul 26 11:34:13 fileserver smbd[27897]:   ldapsam_add_sam_account: SID
> > 'S-1-5-21-299320441-2527492060-3102699668-3000' already in the base,
with
> > samba attributes
> > Jul 26 11:34:13 fileserver smbd[27897]: [2004/07/26 11:34:13, 0]
> > rpc_server/srv_samr_nt.c:_samr_create_user(2267)
> > Jul 26 11:34:13 fileserver smbd[27897]:   could not add user/computer
> > kiryha$
> > to passdb.  Check permissions?
> > ----------
> >
> > Note: i can login to linux server with name 'Administrator' and have
> > root's privileges, since ldap has uid 0 for Administrator.
> >
> > smb.conf has line admin users = Administrator
> >
> > What do i missing?
> > Any ideas?
> >
> >
> > Thank you!
> >
> > Sincerely,
> > Kiryl Hakhovich.
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  http://lists.samba.org/mailman/listinfo/samba
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>