[Samba] Re: Samba Problem seen on 24help
pgienger at ae-solutions.com
Thu Mar 3 13:44:29 GMT 2005
>i've seen your posts on this forum
Bringing this on list so that someone else can drop in some wisdom if I
miss... Good logs btw.
Could we get some sysinfo here? What passdb backend are you using? OS
and Samba version too if you don't mind, for posterity.
>seems that i've quite the same problem, but i can't get what you said,
>or in fact it's me that i don't have enough experience in SID and GID.
>Well, i did an net getlocalsid and it gave me the domain SID, but with
>with what should it match match?
>here are my logs from the server
>[2005/03/03 09:33:24, 1] rpc_server/srv_netlog_nt.c:_net_sam_logon(766)
> _net_sam_logon: user PUISSANCEL\pwyss has user sid
>but group sid S-1-5-21-762477992-2481379270-2668450037-513.
>The conflicting domain portions are not supported for NETLOGON calls
>my domain SID is
>SID for domain PUISSANCELSERVE is:
Ok, with that information we need to derive what SIDs you've got at work
1. Your domain wants to run with this:
2. The user you're going for is using this SID:
and a RID portion of: -3118
3. The Domain Users group is resolving to SID:
and RID portion: -513
So with that info we can tell that the group SID is the inconsistant
one. The server tells it one thing, and then your user SID matches it.
Your groupmap confirms some oddity is at work.
>and finally the net groupmap list is:
>System Operators (S-1-5-32-549) -> -1
>Replicators (S-1-5-32-552) -> -1
>Guests (S-1-5-32-546) -> -1
>Domain Users (S-1-5-21-762477992-2481379270-2668450037-513) ->
>Domain Admins (S-1-5-21-762477992-2481379270-2668450037-512) -> root
>Domain Guests (S-1-5-21-762477992-2481379270-2668450037-514) -> -1
>Power Users (S-1-5-32-547) -> adm
>Print Operators (S-1-5-32-550) -> -1
>Administrators (S-1-5-32-544) -> sys
>Account Operators (S-1-5-32-548) -> -1
>Domain Admins (S-1-5-21-820830119-3499761299-3856101563-512) -> -1
>Domain Guests (S-1-5-21-820830119-3499761299-3856101563-514) -> -1
>Domain Users (S-1-5-21-820830119-3499761299-3856101563-513) -> -1
>Backup Operators (S-1-5-32-551) -> bin
>Users (S-1-5-32-545) -> participant
I'm curious how exactly you got to this point... You have all the
requisite groups here but they aren't quite right. You should delete
the entries here that don't match the domain SID, in otherwords, the
S-blah-blah37-XXX entries that are correctly mapped to unix groups. IF
you are running LDAP, which I can't tell, I would guess that you
populated your passdb with smbldap-populate before configuring the
parameters properly. In that case, just delete the samba attributes
from your posix group objects (participant, etc), the groupmap.tdb (name
may not be accurate), re-run the populate script and do the groupmap again.
>if you could help me it would be really really nice.
>I'm working for days on that samba pdc, and i can't make it work,
>i'm getting mad
Post back how this strikes you.
Paul Gienger Office: 701-281-1884
Applied Engineering Inc.
Systems Architect Fax: 701-281-1322
URL: www.ae-solutions.com mailto: pgienger at ae-solutions.com
More information about the samba