[Samba] Weird 'net getlocalsid' problem (Samba + LDAP)

Anthony Linux anthony.linux at gmail.com
Fri May 13 18:29:05 GMT 2005

I'm setting up a PDC with LDAP (Posix and Samba accounts) backend. 
Samba version is 3.0.10 (FC3 x86_64 version).  I'm following the
instructions on the IDEALX site.  I've done this before with older
versions.  It appears some things have changed in LDAP, Samba, and the
smbldap-tools, but for the most part the procedure is the same.

The problem I'm getting is with the 'net getlocalsid'.  When I run
this command, I get the usual output.  However, it always says the SID
for the Hostname, not the Domain.  Even when the smb service is
running in domain controller mode, I can't get any output from 'net
getlocalsid DomainName'.  I get the following response: "Can't fetch
domain SID for name: DomainName"

When I check the LDAP domain (with GQ), it shows the
SambaDomainName=<hostname> and not the domain name.  When I browse the
computer through a Windows box, it shows up as the right domain.

In all my other installations like this (RH9 mostly with various
versions of Samba 3.0.x), this field shows up as
SambaDomainName=<domain name>, like it should.

Am I doing something wrong?  Did something change with how Samba
"inserts" this entry into the LDAP database?

Here's an excerpt from my smb.conf global section:
        log file = /var/log/samba/%m.log
        load printers = yes
        idmap gid = 16777216-33554431
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        username map = /etc/samba/smbusers
        winbind use default domain = no
        template shell = /bin/false
        wins support = true
        dns proxy = no
        cups options = raw
        netbios name = Hostname
        server string = Network Samba Server
        idmap uid = 16777216-33554431
        workgroup = DomainName
        os level = 20
        printcap name = /etc/printcap
        security = user
        max log size = 50000
        domain master = Yes
        ldap passwd sync = Yes
        passdb backend = ldapsam:ldap://
        ldap admin dn = cn=Manager,dc=ldapdomain
        ldap suffix = dc=ldapdomain
        ldap group suffix = ou=Groups
        ldap user suffix = ou=Users
        ldap machine suffix = ou=Computers

        add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
        add user script = /usr/local/sbin/smbldap-useradd -m "%u"
        ldap delete dn = Yes
        add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
        add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
        delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
        set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"

        Dos charset = 850
        Unix charset = ISO8859-1

-- End excerpt

Thanks for any help,

