[Samba] smbldap machine account pb since 3.0.23c-1

Cédric Delfosse cedric.delfosse at linbox.com
Mon Feb 5 17:30:16 GMT 2007

Le lundi 05 février 2007 à 09:45 +0100, emmanuel musso a écrit :
> Hello
> When a windows xp workstation join a domain, by windows gui parameters, ldap
> machine attributes are not filled correctly:
> - No attribute sambaprimarygroupsid (before, there was one terminated by 515)

AFAIK, the gid number of a computer/user account entry is now used to
determine its primary group SID (if sambaPrimaryGroupSID is not set).

> - rid (of sambasid) is not equal a 2*uid+1000
> If i create a user, rid (sambasid) equal a 2*uid + 1000 (and sambaprimarygrousid
> terminated by 513)
> All the others samba attributes are ok
> Same problem if i use "smbldap-useradd -w" before joining the domain; Posix
> attributes are created by "smbldap-useradd -w", and samba attributes are
> created the first time workstation join the domain, allways with bad sambasid
> and without sambaprimarygroupsid.
> Same problem if i use "net join" on a linux smbclient with winbind
> In all cases, my workstation is connected to the domain, and user can use it.
> I didn't change my config, i didn't modify idealx tools. I think the problem
> exits since 3.0.23c-1 update in month september. I know my computers who joined
> the domain before samba 3.0.23c-1 update (debian apt-get) are ok, with
> sambaprimarygroupsid present, and valid sambasid
> (rid = 2* uid + 1000).
> I have 2 Domain with the same problem

I have one domain that also showed this behaviour (samba 3.0.23d), and
another that works « like before ».

Looks like that SAMBA was using the sambaNextRid field from the
sambaDomainName entry to build the SAMBA SID of the computer accounts,
but I don't know why.


Cedric Delfosse                             Linbox / Free&ALter Soft
152, rue de Grigy - Technopole Metz              57070 METZ - FRANCE
tel: +33 (0)3 87 50 87 90                          http://linbox.com

More information about the samba mailing list