[Samba] Trouble with SID and user nobody

yann.helloco yann.helloco at garconnet.com
Thu Aug 23 10:24:45 GMT 2007 

Hello,

I have troubles with "SID" and some users on my Etch servers. It's a new 
install before servers were in Sarge and all was ok.

Distribution: Linux Etch, SaMBa, OpenLDAP, Gosa. (all from debian Etch)
Architecture:
- 1  "master" server, and few servers "slaves".
- Openldap data from "PDC" Samba "master" are replicated on "slaves" 
servers (slurpd daemon)
-  passdb backend of "slaves" SaMBa are local: passdb backend = 
ldapsam:ldap://127.0.0.1/ on the replicated base.

SID of master server is different from SID of slaves servers except for 
BDC of course.
"net rpc join -U root" worked good on slave servers and slaves Domains 
are in the LDAP base of the master server.

But I have theses error messages on slave servers:

Message 1:
Aug 20 16:34:13 slave1 smbd[5401]: User dupont with invalid SID 
S-1-5-21-(SID du Domaine)-3374 in passdb
Aug 20 16:34:14 slave1 smbd[5401]: [2007/08/20 16:34:14, 0] 
passdb/passdb.c:lookup_global_sam_name(598)
Aug 20 16:34:14 slave1 smbd[5401]: User root with invalid SID 
S-1-5-21-(SID du Domaine)-500 in passdb
Aug 20 16:34:14 slave1 smbd[5401]: [2007/08/20 16:34:14, 0] 
passdb/passdb.c:lookup_global_sam_name(598)
Aug 21 16:07:35 slave1 smbd[6123]: User root with invalid SID 
S-1-5-21-(SID du Domaine)-500 in passdb
Aug 21 16:07:36 slave1 smbd[6123]: [2007/08/21 16:07:36, 0] 
passdb/passdb.c:lookup_global_sam_name(598)
Aug 21 16:07:36 slave1 smbd[6123]: User nobody with invalid SID 
S-1-5-21-(SID du Domaine)-2998 in passdb
Aug 21 16:07:36 slave1 smbd[6123]: [2007/08/21 16:07:36, 0] 
passdb/passdb.c:lookup_global_sam_name(598)

Of course SID of the Domain is different from the SID of the local SaMBa 
but why these messages? For information I can browse SaMBa directories 
with windows users (dupont) but with a lot of error messages.


MeMessages 2:
I forced the SID of the Domain on one slave server (net setlocalsid) 
it's like i'd do for a BDC. The messages disappears

Aug 21 15:57:51 esclave1 smbd[10470]: [2007/08/21 15:57:51, 0] 
auth/auth_domain.c:domain_client_validate(246)
Aug 21 15:57:51 esclave1 smbd[10470]: domain_client_validate: unable to 
validate password for user guest in domain DOMAIN to Domain controller 
NUX. Error was NT_STATUS_LOGON_FAILURE.

==> user "guest" is a systeme user without password, how to say that to 
the samba server?

Thank in advance

More information about the samba mailing list