[Samba] Coule really use some help (Samba PDC)

Doug Campbell doug at bpta.net
Tue Mar 22 02:41:23 GMT 2005 

John,

> Anyway, I am here. When trying to join a domain with the administrator
> account I get "no mapping between account name and security ID's was done"
> And the joining fails...
>
> All the needed files are attached, from the ldap log. to the samba.conf
> to the ldifs of the machine, root and admin account.
> Trying with the root account nets me the same error
>
> in smbusers I noticed an entry i never made
>
> root = administrator
>
> software versions:
>
> [root at vnpdc01 openldap-data]# rpm -qa |grep samba
> samba-3.0.11-1
> samba-swat-3.0.11-1
> samba-client-3.0.11-1
> samba-common-3.0.11-1
>
> I am assumine the rpm or something else made that mapping. I dunno...

This entry is normal, I believe.  But according to you smb.conf file, you
aren't using the username map parameter, so the fact the file is their
shouldn't matter.

> net groupmap list
>
> Engineering (S-1-5-21-1391849139-953726148-1374988380-9005) -> Engineering
> Staff (S-1-5-21-1391849139-953726148-1374988380-9003) -> Staff
> Sales (S-1-5-21-1391849139-953726148-1374988380-9007) -> Sales
> Administration (S-1-5-21-1391849139-953726148-1374988380-9009) ->
> Administration
> Domain Admins (S-1-5-21-3107161993-1039155829-3332455197-512) ->
> Domain Admins
> Domain Users (S-1-5-21-3107161993-1039155829-3332455197-513) ->
> Domain Users
> Domain Guests (S-1-5-21-3107161993-1039155829-3332455197-514) ->
> Domain Guests
> Domain Computers (S-1-5-21-3107161993-1039155829-3332455197-515)
> -> Domain Computers
> Administrators (S-1-5-32-544) -> Administrators
> Print Operators (S-1-5-32-550) -> Print Operators
> Backup Operators (S-1-5-32-551) -> Backup Operators
> Replicators (S-1-5-32-552) -> Replicators

I don't know if this will help you with your problem or not.  I'm very new
to Samba but you will notice that you group SIDs aren't consistent.  My
guess is that this could be causing someone of your problems.

You could try:

net getlocalsid

to find out what your SID is supposed to be.  Then verify that you have set
that correctyl in your smbldap.conf file for the Idealx tools.

> ldap suffix = o=ventusnetworks.com,dc=na
> ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
> ldap machine suffix = ou=Computers
> ldap user suffix = ou=Staff
> ldap group suffix = ou=Groups
> ldap admin dn = "cn=Manager,dc=na"

Also, I am a newbie to LDAP too but shouldn't your suffixes be the full DN.
For example, instead of

ldap machine suffix = ou=Computers

shouldn't it be

ldap machine suffix = ou=Computers,o=vertusnetworks.com,dc=na

or whatever you DN is?

Doug

More information about the samba mailing list