[Samba] XP Client brings another SID in

Geert Stappers stappers at stappers.nl
Fri Sep 30 23:28:21 GMT 2005 

Hello,


This about another attempt of joining a (samba controlled) domain.

It is samba version 3.0.14 with a LDAP backend.
The client is a Windows XP computer.

I do get message "welcome to the domain" (reboot to activate)
But an user login fails ...


I think I have nailed it down to a strange SID that the client brings in.

On a working system I have this LDAP entry:

| dn: uid=tosh$,ou=Computers,ou=Users,dc=yourdomain,dc=tld
| objectClass: top
| objectClass: inetOrgPerson
| objectClass: posixAccount
| objectClass: sambaSamAccount
| cn: tosh$
| sn: tosh$
| uid: tosh$
| uidNumber: 2014
| gidNumber: 515
| homeDirectory: /dev/null
| loginShell: /bin/false
| description: Computer
| gecos: Computer
| structuralObjectClass: inetOrgPerson
| sambaSID:             S-1-5-21-2689494773-1951033108-3857615256-5028
| sambaPrimaryGroupSID: S-1-5-21-2689494773-1951033108-3857615256-515
| displayName: TOSH$
| sambaPwdMustChange: 2147483647
| sambaAcctFlags: [W          ]
| sambaPwdCanChange: 1128030550
| sambaNTPassword: 6EB64F5A71C942C2FAFF3AC003B03686
| sambaPwdLastSet: 1128030550

Note the same base SID


On the failing system there is this after adding a client:


| dn: uid=coco$,ou=Computers,ou=Users,dc=yourdomain,dc=tld
| objectClass: top
| objectClass: inetOrgPerson
| objectClass: posixAccount
| objectClass: sambaSamAccount
| cn: coco$
| sn: coco$
| uid: coco$
| uidNumber: 2015
| gidNumber: 515
| homeDirectory: /dev/null
| loginShell: /bin/false
| description: Computer
| gecos: Computer
| sambaSID:             S-1-5-21-1217595360-3837695174-1118015926-5030
| sambaPrimaryGroupSID: S-1-5-21-2202232871-2120539869-948389690-515
| displayName: COCO$
| sambaPwdCanChange: 1128087802
| sambaPwdMustChange: 2147483647
| sambaNTPassword: 43C26C7D4326A9C5746A35B643E3FB5B
| sambaPwdLastSet: 1128087802
| sambaAcctFlags: [W          ]

Note the different base SID.


Could be confirmed that base SIDs should be te same?
(or could be told that it is okay ;-)


Anyway: which way to go ?   ( or what to read next ? ;-)



Cheers
Geert Stappers

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.samba.org/archive/samba/attachments/20051001/0196950b/attachment.bin

More information about the samba mailing list