[Samba] ldapsam_getsampwsid: Unable to locate SID

Daniel Bramkamp bramkamp at team-datentechnik.de
Mon Dec 10 19:15:18 GMT 2007 

Hi,

I am running a couple of Samba / LDAP servers. While they all do work  
fine, I get a message like this on all of them when I run pdbedit -L -v:

Unix username:        administrator
NT username:          administrator
Account Flags:        [UX         ]
User SID:             S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-21000
init_group_from_ldap: Entry found for group: 512
lookup_global_sam_rid: looking up RID 512.
ldapsam_getsampwsid: Unable to locate SID  
[S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-512] count=0
init_group_from_ldap: Entry found for group: 512
lookup_rids: Domain Admins:2
Primary Group SID:    S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-512
Full Name:            Administrator

I thought the "unable to locate SID message" would vanish after  
indexing slapd's database, but it does not. I copied the following  
settings for the index from the Samba Howto:

# Indices to maintain
## required by OpenLDAP
index objectclass             eq

index cn                      pres,sub,eq
index sn                      pres,sub,eq
## required to support pdb_getsampwnam
index uid                     pres,sub,eq
## required to support pdb_getsambapwrid()
index displayName             pres,sub,eq

## uncomment these if you are storing posixAccount and
## posixGroup entries in the directory as well
index uidNumber               eq
index gidNumber               eq
index memberUid               eq

index   sambaSID              eq
index   sambaPrimaryGroupSID  eq
index   sambaDomainName       eq
index   default               sub

This is a new install, which is not in use yet. It is running Samba  
3.0.28. The following group mappings are setup on the server:

Domain Admins (S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-512) -> Domain Admins
Domain Users (S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-513) -> Domain Users
Domain Guests (S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-514) -> Domain Guests
Domain Computers (S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-515) ->  
Domain Computers
Administrators (S-1-5-32-544) -> Administrators
Account Operators (S-1-5-32-548) -> Account Operators
Print Operators (S-1-5-32-550) -> Print Operators
Backup Operators (S-1-5-32-551) -> Backup Operators
Replicators (S-1-5-32-552) -> Replicators

Thanks in advance.

More information about the samba mailing list