[Samba] OK,I'm In Trouble

Yang Xiao yxiao2004 at gmail.com
Wed Mar 15 21:20:35 GMT 2006 

Hi Everyone,
I've been getting this error when trying to login from an XP box to a Samba
3 + LDAP PDC, but failed.

[2006/03/15 17:48:12, 1] rpc_server/srv_netlog_nt.c:_net_sam_logon(766)
  _net_sam_logon: user Domain\user has user sid
S-1-5-21-3570476861-1302945835-1904156257-3004
   but group sid S-1-5-21-790863915-1833833965-864709722-513.
  The conflicting domain portions are not supported for NETLOGON calls

I did some research and found this is due to SID mismatch as it is shown
with the user sid and group sid

net getlocalsid on the dc shows S-1-5-21-3570476861-1302945835-1904156257
and net getlocalsid DOMAIN shows S-1-5-21-3570476861-1302945835-1904156257
as well.

but, net groupmap list shows

Domain Admins (S-1-5-21-790863915-1833833965-864709722-512) -> Domain Admins
Domain Users (S-1-5-21-790863915-1833833965-864709722-513) -> Domain Users
Domain Guests (S-1-5-21-790863915-1833833965-864709722-514) -> Domain Guests
Domain Computers (S-1-5-21-790863915-1833833965-864709722-515) -> Domain
Computers
Administrators (S-1-5-32-544) -> Administrators
Account Operators (S-1-5-32-548) -> Account Operators
Print Operators (S-1-5-32-550) -> Print Operators
Backup Operators (S-1-5-32-551) -> Backup Operators
Replicators (S-1-5-32-552) -> Replicators
systems (S-1-5-21-3570476861-1302945835-1904156257-3003) -> systems
development (S-1-5-21-3570476861-1302945835-1904156257-3005) -> development
analytics (S-1-5-21-3570476861-1302945835-1904156257-3007) -> analytics

and most of my user/machine accounts have sids like this
S-1-5-21-790863915-1833833965-864709722-xxxx.
but the smbldap.conf says the sid is set to
SID="S-1-5-21-3570476861-1302945835-1904156257"

then according to LDAP
dn: sambaDomainName=Domain,dc=Domain,dc=com
sambaSID: S-1-5-21-3570476861-1302945835-1904156257

so this is a certified bloody mess, my question is, does this mean I have to
change every instance of sid that's
S-1-5-21-790863915-1833833965-864709722-xxxx in LDAP? what's a good way of
doing this?

Many thanks!

- Yang

smb.conf & slapd.conf attached

More information about the samba mailing list