[Samba] User Group SID behavior has changed from 21b to 23c
Gerald (Jerry) Carter
jerry at samba.org
Tue Sep 5 17:46:08 GMT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Mike,
> I am using LDAP as my backend. I have 6 PDC's running
> Samba 3.0.21b, each domain has a different SID. I
> store all user,groups,and machine accounts in one
> LDAP database. So that when I create a user once,
> all domains can see the user. This keeps me
> from having to create a user account on
> each domain for cross domain file sharing.
...
> I have setup a new PDC for DOMAIN2 using 3.0.23c
> Now in DOMAIN2 when I type:
> pdbedit -v -u mikec
> I get:
>
> NT username: mikec
> Account Flags: [U ]
> User SID: S-1-5-21-1629861336-2395076261-3235541152-3001
> Primary Group SID: *S-1-5-21-2781067772-1786132867-2942848841-513*
>
> When try to conect to a Samba Server in DOMAIN2 from
> DOMAIN1 I get the error message
> _net_sam_logon: user DOMAIN2\mikec has user sid
> S-1-5-21-1629861336-2395076261-3235541152-3001
> but group sid S-1-5-21-2781067772-1786132867-2942848841-513.
> The conflicting domain portions are not supported for
> NETLOGON calls
>
> The behavior in 3.0.23c has changed from 3.0.21b
Yup. And you were relying on unsupported behavior
in previous releases. We have never supported sharing
an ldapsam passdb backend between multiple domains
in the 3.0 series.
cheers, jerry
=====================================================================
Samba ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
"What man is a man who does not make the world better?" --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFE/bfgIR7qMdg1EfYRAl3AAKDpFeMG4gUTp2eYo7xxhftEQ/nN8gCeIuoD
r27k/qsKT1f300pa55zPp3g=
=Wo+s
-----END PGP SIGNATURE-----
More information about the samba
mailing list