[Samba] Account Unknown for users with Samba 3.0.11/14

James.Cort at u4eatech.com James.Cort at u4eatech.com
Mon Jan 9 13:17:53 GMT 2006

Quoting William Jojo <jojowil at hvcc.edu>

> And the obvious...do you have config and system information? How are uid
> values gathered by the system? Same LDAP database? That's important to find
> out...

And, indeed, the cause of much grief.

Since writing previous emails I have discovered:

* The issue doesn't exist on another server.
  * Though the other server has identical Samba configuration, much
    else is very different.  Most importantly, users exist locally on
    the other server.

To cut a long story short, it seems unlikely that in its current 
configuration, this has ever worked properly.

The sambaIdmapEntry and sambaGroupMapping objects don't exist in LDAP.  
I've added objectClass sambaIdmapEntry to myself in the LDAP database, 
so my LDAP entry now reads:

# jamesc, People, u4eatech.com
dn: uid=jamesc,ou=People,dc=u4eatech,dc=com
uid: jamesc
sambaSID: S-1-5-21-4012146134-3166284455-2856603714-3038
sambaPrimaryGroupSID: S-1-5-21-4012146134-3166284455-2856603714-3001
displayName: James Cort,,,
sambaPwdMustChange: 2147483647
sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000
sambaAcctFlags: [U          ]
uidNumber: 1019
loginShell: /bin/bash
gidNumber: 1000
homeDirectory: /home/jamesc
gecos: James Cort
cn: James Cort
mail: james.cort at u4eatech.com
sambaPwdCanChange: 1136795375
sambaLMPassword: 1E5F582F4574BA7802A22108CDA2230E
sambaNTPassword: 8224FF98E3965F5DF2C3CB3D32205650
sambaPwdLastSet: 1136795375
userPassword:: e01ENX1mNnpCM2xiOU1EdEx1QVUyeGQxUDNBPT0=
objectClass: account
objectClass: sambaSamAccount
objectClass: posixAccount
objectClass: top
objectClass: u4eaPerson
objectClass: sambaIdmapEntry

While this knocks one error on the head, I still have a number of 
issues as none of the gidNumber-based entries exist.  However, I would 
expect that users in the "Security" tab would now resolve - this is not 
the case.

I'm at a loss how to continue.  Presumably I need to populate the 
various bits necessary for id mapping in LDAP, though I don't know the 
various options or their pros and cons.

All the documentation I can find online seems to be geared towards 
getting the system up and running properly in the first place with 
minimal requirement of understanding of how it all hangs together - if 
someone did that in the past and made a mistake, it seems particularly 
tough to figure out what they did wrong and, more importantly, how to 
fix it without causing downtime.

Can anyone point me in the right direction?
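
A read-only check for the gaps described in the message above, added here as an example that is not part of the original post or of Samba: it scans an LDIF dump for sambaSamAccount entries lacking the sambaIdmapEntry class and for user gidNumbers that no sambaGroupMapping entry carries. The sample entries are constructed, and the parser assumes unfolded, non-base64 LDIF lines.

```python
import re
from collections import defaultdict

# Constructed sample entries (not the poster's directory).
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
objectClass: sambaSamAccount
objectClass: sambaIdmapEntry
uidNumber: 1019
gidNumber: 1000
sambaSID: S-1-5-21-1-2-3-3038

dn: uid=bob,ou=People,dc=example,dc=com
objectClass: sambaSamAccount
uidNumber: 1020
gidNumber: 1001
sambaSID: S-1-5-21-1-2-3-3040

dn: cn=staff,ou=Group,dc=example,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 1000
sambaSID: S-1-5-21-1-2-3-3001
sambaGroupType: 2
"""

def parse_ldif(text):
    """Split an LDIF dump into entries: lower-cased attribute -> list of values."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = defaultdict(list)
        for line in block.splitlines():
            if not line.startswith("#") and ": " in line:
                key, value = line.split(": ", 1)
                entry[key.lower()].append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def audit(entries):
    """Return (user DNs without sambaIdmapEntry, user gidNumbers with no group mapping)."""
    classes = lambda e: {c.lower() for c in e["objectclass"]}
    users = [e for e in entries if "sambasamaccount" in classes(e)]
    mapped = {g for e in entries if "sambagroupmapping" in classes(e) for g in e["gidnumber"]}
    no_idmap = sorted(e["dn"][0] for e in users if "sambaidmapentry" not in classes(e))
    unmapped = sorted({g for e in users for g in e["gidnumber"]} - mapped)
    return no_idmap, unmapped

if __name__ == "__main__":
    print(audit(parse_ldif(SAMPLE_LDIF)))
```

Against a real directory, feed it the text of an LDIF export of the People and Group subtrees instead of `SAMPLE_LDIF`.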
