[Samba] User Group SID behavior has changed from 21b to 23c

Gerald (Jerry) Carter jerry at samba.org
Tue Sep 5 17:46:08 GMT 2006

Hash: SHA1


> I am using LDAP as my backend. I have 6 PDC's running 
> Samba 3.0.21b, each domain has a different SID. I
> store all user,groups,and machine accounts in one
> LDAP database. So that when I create a user once,
> all domains can see the user. This keeps me
> from having to create a user account on
> each domain for cross domain file sharing.
> I have setup a new PDC for DOMAIN2 using 3.0.23c
> Now in DOMAIN2 when I type:
> pdbedit -v -u mikec
> I get:
> NT username:          mikec
> Account Flags:        [U          ]
> User SID:             S-1-5-21-1629861336-2395076261-3235541152-3001
> Primary Group SID:    *S-1-5-21-2781067772-1786132867-2942848841-513*
> When try to conect to a Samba Server in DOMAIN2 from 
> DOMAIN1 I get the error message
>  _net_sam_logon: user DOMAIN2\mikec has user sid
> S-1-5-21-1629861336-2395076261-3235541152-3001
>   but group sid S-1-5-21-2781067772-1786132867-2942848841-513.
>  The conflicting domain portions are not supported for 
>  NETLOGON calls
> The behavior in 3.0.23c has changed from 3.0.21b

Yup.  And you were relying on unsupported behavior
in previous releases.  We have never supported sharing
an ldapsam passdb backend between multiple domains
in the 3.0 series.

cheers, jerry
Samba                                    ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"What man is a man who does not make the world better?"      --Balian
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the samba mailing list