[Samba] smbldap machine account pb since 3.0.23c-1

emmanuel musso emmanuel.musso at iut-tlse3.fr
Wed Feb 7 09:04:46 GMT 2007 

Hello
-

Selon Cédric Delfosse <cedric.delfosse at linbox.com>:

> Le lundi 05 février 2007 à 09:45 +0100, emmanuel musso a écrit :
> > Hello
> >
> > When a windows xp workstation join a domain, by windows gui parameters,
> ldap
> > machine attributes are not filled correctly:
> >
> > - No attribute sambaprimarygroupsid (before, there was one terminated by
> 515)
>
> AFAIK, the gid number of a computer/user account entry is now used to
> determine its primary group SID (if sambaPrimaryGroupSID is not set).

For my  computer accounts, gid is correctly defined to 515

>
> > - rid (of sambasid) is not equal a 2*uid+1000
> >
> > If i create a user, rid (sambasid) equal a 2*uid + 1000 (and
> sambaprimarygrousid
> > terminated by 513)
> >
> > All the others samba attributes are ok
> > Same problem if i use "smbldap-useradd -w" before joining the domain; Posix
> > attributes are created by "smbldap-useradd -w", and samba attributes are
> > created the first time workstation join the domain, allways with bad
> sambasid
> > and without sambaprimarygroupsid.
> >
> > Same problem if i use "net join" on a linux smbclient with winbind
> >
> > In all cases, my workstation is connected to the domain, and user can use
> it.
> >
> > I didn't change my config, i didn't modify idealx tools. I think the
> problem
> > exits since 3.0.23c-1 update in month september. I know my computers who
> joined
> > the domain before samba 3.0.23c-1 update (debian apt-get) are ok, with
> > sambaprimarygroupsid present, and valid sambasid
> > (rid = 2* uid + 1000).
> > I have 2 Domain with the same problem
>
> I have one domain that also showed this behaviour (samba 3.0.23d), and
> another that works « like before ».
>
> Looks like that SAMBA was using the sambaNextRid field from the
> sambaDomainName entry to build the SAMBA SID of the computer accounts,
> but I don't know why.

Yes i think you are right

Here is syslog when i create a computer
Feb  7 09:18:15 nestor slapd[24440]: conn=14766 op=36 SRCH attr=sambaDomainName
sambaNextRid sambaNextUserRid sambaNextGroupR
id sambaSID sambaAlgorithmicRidBase objectClass
Feb  7 09:18:15 nestor slapd[24440]: conn=14766 op=36 SEARCH RESULT tag=101
err=0 nentries=1 text=
Feb  7 09:18:15 nestor slapd[24440]: conn=14766 op=37 MOD
dn="sambaDomainName=GE2I,dc=ge2i,dc=iut-tlse3,dc=fr"
Feb  7 09:18:15 nestor slapd[24440]: conn=14766 op=37 MOD attr=sambaNextRid
sambaNextRid

here is syslog when i create a user
Feb  7 09:38:51 nestor slapd[24440]: conn=14805 op=4 SRCH
base="dc=ge2i,dc=iut-tlse3,dc=fr" scope=2 deref=2 filter="(uidNumbe
r=5130)"
Feb  7 09:38:51 nestor slapd[24440]: conn=14805 op=4 SEARCH RESULT tag=101 err=0
nentries=0 text=
Feb  7 09:38:51 nestor slapd[24440]: conn=14805 op=5 SRCH
base="ou=Groups,dc=ge2i,dc=iut-tlse3,dc=fr" scope=2 deref=2 filter=
"(&(objectClass=posixGroup)(gidNumber=513))"
Feb  7 09:38:51 nestor slapd[24440]: conn=14805 op=5 SEARCH RESULT tag=101 err=0
nentries=1 text=
Feb  7 09:38:51 nestor slapd[24440]: conn=14805 op=6 SRCH
base="ou=People,dc=ge2i,dc=iut-tlse3,dc=fr" scope=2 deref=2 filter=
"(sambaSID=s-1-5-21-1013494363-2106538438-1688464621-11260)"
Feb  7 09:38:51 nestor slapd[24440]: conn=14805 op=6 SEARCH RESULT tag=101 err=0
nentries=0 text=
Feb  7 09:38:51 nestor slapd[24440]: conn=14805 op=7 ADD
dn="uid=atest,ou=People,dc=ge2i,dc=iut-tlse3,dc=fr"
Feb  7 09:38:51 nestor slapd[24440]: conn=14805 op=7 RESULT tag=105 err=0 text=
Feb  7 09:38:51 nestor slapd[24440]: conn=14805 op=8 MOD
dn="uid=atest,ou=People,dc=ge2i,dc=iut-tlse3,dc=fr"
Feb  7 09:38:51 nestor slapd[24440]: conn=14805 op=8 MOD attr=objectClass
sambaPwdLastSet sambaLogonTime sambaLogoffTime samb
aKickoffTime sambaPwdCanChange sambaPwdMustChange displayName sambaAcctFlags
sambaSID
Feb  7 09:38:51 nestor slapd[24440]: conn=14805 op=8 RESULT tag=103 err=0 text=
Feb  7 09:38:51 nestor slapd[24440]: conn=14805 op=9 MOD
dn="uid=atest,ou=People,dc=ge2i,dc=iut-tlse3,dc=fr"
Feb  7 09:38:51 nestor slapd[24440]: conn=14805 op=9 MOD attr=sambaLMPassword
sambaPrimaryGroupSID sambaNTPassword sambaLogon
Script sambaHomePath sambaHomeDrive

Why samba use  the sambaNextRid field from the
sambaDomainName entry to build the SAMBA SID of the computer accounts ?
in which configuration file SID's creation is different for users and computers
?

Is there a new samba.schema since september month ? (Mine is original
samba.schema with minor update change recommended by whatsnew for 3.0.23)?

Thanks

>
> Regards,
>
> --
> Cedric Delfosse                             Linbox / Free&ALter Soft
> 152, rue de Grigy - Technopole Metz              57070 METZ - FRANCE
> tel: +33 (0)3 87 50 87 90                          http://linbox.com
>
>

Regards
-
Emmanuel musso
technicien informatique
I.U.T. Paul Sabatier
Dépt Génie électrique 0562258241
Service informatique 0562258025


----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

More information about the samba mailing list