[Samba] Help cleaning up domain SID mess...
Bjørn Tore Sund
bjorn.sund at it.uib.no
Thu Aug 2 14:25:29 GMT 2007
Phil Burrow wrote:
> Bjoern Tore Sund wrote:
>
> > No Windows here, this is the cifs disk server for 800 Linux clients.
> > None of which are members of the domain in any meaningful way. I just
> > want all the servers to authenticate against the same LDAP server, the
> > domain is irrelevant for functionality. Hmmm. Which means that I might
> > just get away with setting the same SID on all four domains and leave it
> > at that... ?
> >
> > -BT
>
> Makes sense if that's all you need and there's no Windows stuff to
> break, yep :) Sorry for being presumptuous about your setup!
>
> You would need to remove three of the sambaDomainName entries if you
> only want a single domain though, and ensure that the only one present
> is sambaDomainName=UNIX.
>
> When you do net getlocalsid, it should be looking up the details for
> the domain you specified in smb.conf (UNIX) in your LDAP directory.
> Check your logs, see if it's happening and see what questions it's
> asking your LDAP server, that way you can see where it's getting its
> unusual SID information from and why it may not be setting the SID
> like it should.
>
> i.e. on one of my broken systems that I use for playing about with
> stuff, I just booted to test it and I can see that if I do net
> getlocalsid it's looking for:
>
> smbldap_search_domain_info: Query was: dc=mydomain,dc=co,dc=uk,
> (&(objectClass=sambaDomain)(sambaDomainName=MYDOMAINFROMSMB-CONF))

Just feedback, since things are working ok now.

The domain question isn't relevant, so I really don't care whether I
have one or four. Which is just as well, because the servers all ignore
the domainName=UNIX entry. If I delete their LDAP entry, they'll simply
create a new one. Which is consistent with documentation: with
security=user, any workgroup- or realm-setting is ignored, and with
security=anything-but-user, ldapsam doesn't work. I've checked and
confirmed that 'net lookup sid' in all cases returns the local domain and
as long as I have no need to connect the domains I'm fine.

Thanks for your help!
Bjørn
--
Bjørn Tore Sund Phone: 555-84894 Email: bjorn.sund at it.uib.no
IT department VIP: 81724 Support: http://bs.uib.no
Univ. of Bergen
When in fear and when in doubt, run in circles, scream and shout.
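
An added example, not part of the original message or of Samba itself: a small audit over an LDIF export of the directory that lists each sambaDomain entry with its SID and flags sambaSamAccount entries whose SID prefix matches none of them. The function names, the `dc=example,dc=org` base and all SIDs are constructed for illustration, and the parser assumes plain unwrapped LDIF without base64 values.

```python
# Constructed sample data: two sambaDomain entries and two accounts.
SAMPLE_LDIF = """\
dn: sambaDomainName=UNIX,dc=example,dc=org
objectClass: sambaDomain
sambaDomainName: UNIX
sambaSID: S-1-5-21-1111111111-2222222222-3333333333

dn: sambaDomainName=FILESRV1,dc=example,dc=org
objectClass: sambaDomain
sambaDomainName: FILESRV1
sambaSID: S-1-5-21-4444444444-5555555555-6666666666

dn: uid=alice,ou=people,dc=example,dc=org
objectClass: sambaSamAccount
uid: alice
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3000

dn: uid=bob,ou=people,dc=example,dc=org
objectClass: sambaSamAccount
uid: bob
sambaSID: S-1-5-21-7777777777-8888888888-9999999999-3002
"""

def parse_ldif(text):
    """Parse simple LDIF into a list of {attribute (lowercased): [values]} dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if ": " in line and not line.startswith("#"):
                key, value = line.split(": ", 1)
                entry.setdefault(key.lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def audit_sids(entries):
    """Return ({domain name: SID}, [(uid, SID)] for accounts matching no domain SID)."""
    domains, accounts = {}, []
    for e in entries:
        classes = {c.lower() for c in e.get("objectclass", [])}
        if "sambadomain" in classes:
            domains[e["sambadomainname"][0]] = e["sambasid"][0]
        elif "sambasamaccount" in classes:
            accounts.append((e["uid"][0], e["sambasid"][0]))
    known = set(domains.values())
    # An account SID is the domain SID plus a trailing RID; strip the RID to compare.
    orphans = [(u, s) for u, s in accounts if s.rsplit("-", 1)[0] not in known]
    return domains, orphans
```

Calling `audit_sids(parse_ldif(SAMPLE_LDIF))` on the constructed data reports both domain entries and flags `bob`, whose SID belongs to neither.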