[Samba] Scenario 0 - SAMBA 3.0.22
adrian sender
adrian_au1 at hotmail.com
Tue Apr 18 06:52:02 GMT 2006
Hello Lads,
I have a PDC & BDC / Master & Slave; I regularly make backups of the LDAP
database:
slapcat -v -l backupallusers.txt.
Both my PDC & BDC have been rebuilt from scratch, I slapadd -v -l
backupallusers.txt and I net set localsid domainsidhere for the PDC << I get
that from the backupallusers.txt.
smbpasswd -w secret < on both PDC & BDC
net rpc getsid < on the BDC; Storing domain sid in secrets...
Now net rpc getsid gets the domain sid from the PDC.
I then slapadd -v -l backupallusers.txt on the BDC. I create a new test
account on the PDC and it replicates to the BDC as expected.
The user can log in to a Windows workstation connected to the domain.
However, if I create an account through the BDC, which writes to the master
LDAP database, this is different and the user cannot log in to the domain
****different User SID****
Created on the PDC
[root@node1 ~]# pdbedit -Lv asender
WARNING: The "printer admin" option is deprecated
Unix username: asender
NT username: asender
Account Flags: [U ]
User SID: S-1-5-21-3959433150-537517574-2380176113-3000
<--------------------------------------
Primary Group SID: S-1-5-21-3959433150-537517574-2380176113-513
<------------------------------------
Full Name: System User
Home Directory: \\192.168.0.4\asender
HomeDir Drive: H:
Logon Script: asender.bat
Profile Path: \\192.168.0.4\profiles\asender
Domain: DDESIGN
Account desc: System User
Workstations:
Munged dial:
Logon time: 0
Logoff time: Tue, 19 Jan 2038 14:14:07 EST
Kickoff time: Tue, 19 Jan 2038 14:14:07 EST
Password last set: Sun, 05 Feb 2006 22:42:01 EST
Password can change: Sun, 05 Feb 2006 22:42:01 EST
Password must change: Tue, 19 Jan 2038 14:14:07 EST
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[root@node1 ~]#
Backup Domain Controller
[root@node2 sbin]# ./smbldap-useradd -m -a test20
[root@node2 sbin]# pdbedit -Lv test20
Unix username: test20
NT username: test20
Account Flags: [UX ]
User SID: S-1-5-21-262279049-421990743-3931325934-3036
<--------------------------------------
Primary Group SID: S-1-5-21-3959433150-537517574-2380176113-513
<---------------------------------
Full Name: System User
Home Directory: \\192.168.0.4\test20
HomeDir Drive: H:
Logon Script: test20.bat
Profile Path: \\192.168.0.4\profiles\test20
Domain: DDESIGN
Account desc: System User
Workstations:
Munged dial:
Logon time: 0
Logoff time: Tue, 19 Jan 2038 14:14:07 EST
Kickoff time: Tue, 19 Jan 2038 14:14:07 EST
Password last set: 0
Password can change: 0
Password must change: Tue, 19 Jan 2038 14:14:07 EST
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[root@node2 sbin]#
Thanks.
Adrian Sender.
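
A check for the mismatch visible in the two listings above, as an added example that is not part of the original post: it reads `pdbedit -Lv` output and flags every account whose User SID does not sit under the expected domain SID. The function names and the trimmed sample input are constructed for illustration; the SIDs are the ones shown in the post.

```shell
#!/bin/sh
# Added example (not from the original post): audit User SIDs against the domain SID.

# Constructed sample: only the relevant lines of the two pdbedit -Lv listings above.
sample_pdbedit() {
cat <<'EOF'
Unix username:        asender
User SID:             S-1-5-21-3959433150-537517574-2380176113-3000
Primary Group SID:    S-1-5-21-3959433150-537517574-2380176113-513
Unix username:        test20
User SID:             S-1-5-21-262279049-421990743-3931325934-3036
Primary Group SID:    S-1-5-21-3959433150-537517574-2380176113-513
EOF
}

# check_sids DOMAIN_SID
# Reads pdbedit -Lv output on stdin and prints one line per account:
#   "OK <user>"  or  "MISMATCH <user> <domain part of the user's SID>"
check_sids() {
    awk -v want="$1" '
        # The domain part of a SID is everything before the final RID.
        function domain(sid) { sub(/-[0-9]+$/, "", sid); return sid }
        /^Unix username:/ { user = $NF }
        /^User SID:/ {
            d = domain($NF)
            if (d == want) print "OK " user
            else           print "MISMATCH " user " " d
        }
    '
}

# mismatched_users DOMAIN_SID: names only, for use in scripts or alerts.
mismatched_users() {
    check_sids "$1" | awk '$1 == "MISMATCH" { print $2 }'
}

# Run against the constructed sample with the domain SID from the PDC listing.
sample_pdbedit | check_sids S-1-5-21-3959433150-537517574-2380176113
```

On a live controller, pipe the real `pdbedit -Lv` output into `check_sids` in place of `sample_pdbedit`.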