[Samba] problems adding machines after upgrade - sambaSID attribute incomplete!

Craig White craigwhite at azapple.com
Sat Mar 18 03:15:05 GMT 2006

On Fri, 2006-03-17 at 21:22 -0500, Pablo Chamorro C. wrote:
> Some days ago we were able to add machines to our Samba+OpenLDAP domain, 
> but after we decided to update samba from 3.0.5a to 3.0.21c now we can't 
> do that anymore!
> In adding a machine, the "welcome to domain XXX" message appears, but 
> after rebooting the machine it doesn't work!  Looking at the openldap 
> entries, now we are having these kinds of entries:
> sambaSID: S-1-5-21-2502698289-3639879065-4582
> sambaPrimaryGroupSID: S-1-5-21-2502698289-3639879065-7544774837-515
> note that "one part" of the Samba SID is missing, the correct one should be: 
> sambaSID: S-1-5-21-2502698289-3639879065-7544774837-4582
> so, I tried to fix the sambaSID attribute by hand on the openldap server 
> using phpldapadmin but no luck.  Also, I tried with the last 
> smbldap-tools-0.9.2-1 without success.  Windows shows "please check 
> your password".  How can this be fixed?  Our openldap samba.schema was 
> taken from samba 3.0.14a and our PDC is red hat 9.
> Thanks,
> Pablo
> P.S. this is an example of one ldif machine record:
> dn: uid=sistemas-47$,ou=Computers,o=company
> objectClass: top,person,organizationalPerson,inetOrgPerson,posixAccount,sambaSamAccount
> cn: sistemas-47$
> sn: sistemas-47$
> uid: sistemas-47$
> uidNumber: 1791
> gidNumber: 515
> homeDirectory: /dev/null
> loginShell: /bin/false
> description: Computer
> gecos: Computer
> sambaSID: S-1-5-21-2502698289-3639879065-4582
> sambaPrimaryGroupSID: S-1-5-21-2502698289-3639879065-7544774837-515
> displayName: SISTEMAS-47$
> sambaPwdCanChange: 1142646485
> sambaPwdMustChange: 2147483647
> sambaNTPassword: 16686156AAC4D85D1BD046C3320FEE9C
> sambaPwdLastSet: 1142646485
> sambaAcctFlags: [W          ]

#1 - samba.schema should always be the one supplied with your samba so
using one from samba-3.0.14a doesn't make any sense at all.

#2 - what do you get from command... 'net getlocalsid'   ?

#3 - do other commands work such as... pdbedit -Lv  ?

#4 - from the process you described, it sounds like you are using the
Windows Network Wizard to join the computer to the domain which pretty
much relies on you properly configuring smbldap-tools and from your
description, it would seem that your smbldap-tools was updated but not
the configuration or if your smbldap-tools configuration was updated,
that you made some errors. You need to inspect the configuration there.
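
An added example, not part of the original message or of Samba or smbldap-tools: a small checker that scans an LDIF export for `sambaSID` and `sambaPrimaryGroupSID` values that are not the domain SID plus a RID, which is the truncation shown in the quoted record. It assumes the domain SID passed in is the one `net getlocalsid` reports on the PDC (here taken from the `sambaPrimaryGroupSID` in the post); `parse_ldif`, `check_sids` and the `example-01$` entry are names made up for this example.

```python
import re

# Domain SID shape: S-1-5-21 followed by exactly three sub-authorities.
DOMAIN_SID = re.compile(r"S-1-5-21(?:-\d+){3}")

def parse_ldif(text):
    """Return one {attribute: [values]} dict per record (plain values only, no base64)."""
    unfolded = re.sub(r"\n ", "", text)  # undo LDIF line folding
    records = []
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            entry.setdefault(name.strip(), []).append(value.strip())
        records.append(entry)
    return records

def check_sids(ldif_text, domain_sid):
    """Return (dn, attribute, value, problem) for each SID that is not domain_sid + RID."""
    if not DOMAIN_SID.fullmatch(domain_sid):
        raise ValueError("not a domain SID: %r" % domain_sid)
    findings = []
    for entry in parse_ldif(ldif_text):
        dn = entry.get("dn", ["?"])[0]
        for attr in ("sambaSID", "sambaPrimaryGroupSID"):
            for value in entry.get(attr, []):
                prefix, _, rid = value.rpartition("-")
                if prefix == domain_sid and rid.isdigit():
                    continue
                # A truncated SID is a proper prefix of the domain SID plus a RID.
                truncated = domain_sid.startswith(prefix + "-")
                problem = "truncated: domain sub-authority missing" if truncated else "outside domain"
                findings.append((dn, attr, value, problem))
    return findings

# Sample input: SIDs from the post, plus a constructed entry with the SID the poster expects.
SAMPLE = """\
dn: uid=sistemas-47$,ou=Computers,o=company
sambaSID: S-1-5-21-2502698289-3639879065-4582
sambaPrimaryGroupSID: S-1-5-21-2502698289-3639879065-7544774837-515

dn: uid=example-01$,ou=Computers,o=company
sambaSID: S-1-5-21-2502698289-3639879065-7544774837-4582
"""

if __name__ == "__main__":
    for finding in check_sids(SAMPLE, "S-1-5-21-2502698289-3639879065-7544774837"):
        print(" | ".join(finding))
```

Running it over the whole `ou=Computers` subtree after an upgrade shows whether the truncation affects only newly joined machines or existing accounts as well.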

