[Samba] Getting error Samba SID does not belong to our domain
ashok cvs
ashokcvs at gmail.com
Fri Feb 16 05:06:53 GMT 2007
Hi all
we have samba 3.0.21c with OpenLDAP backend as PDC and also 4 BDC's
Suddenly on PDC we are getting these error messages in /var/log/messages
I am unable to register any system to the domain. niether able to logon to
the domain.
##########################################################################################
Feb 15 11:14:32 msdpl smbd[18212]: [2007/02/15 11:14:32, 0]
lib/util_sock.c:send_smb(765)
Feb 15 11:14:32 msdpl smbd[18212]: Error writing 5 bytes to client. -1.
(Connection reset by peer)
Feb 15 11:14:34 msdpl smbd[18217]: [2007/02/15 11:14:34, 0]
passdb/pdb_ldap.c:ldapuser2displayentry(4006)
Feb 15 11:14:34 msdpl smbd[18217]: sid
S-1-5-21-3963901886-956592875-555457773-500 does not belong to our domain
Feb 15 11:14:34 msdpl smbd[18217]: [2007/02/15 11:14:34, 0]
passdb/pdb_ldap.c:ldapuser2displayentry(4006)
Feb 15 11:14:34 msdpl smbd[18217]: sid
S-1-5-21-3963901886-956592875-555457773-2998 does not belong to our domain
Feb 15 11:14:34 msdpl smbd[18217]: [2007/02/15 11:14:34, 0]
passdb/pdb_ldap.c:ldapuser2displayentry(4006)
Feb 15 11:14:34 msdpl smbd[18217]: sid
S-1-5-21-3963901886-956592875-555457773-3004 does not belong to our domain
Feb 15 11:14:34 msdpl smbd[18217]: [2007/02/15 11:14:34, 0]
passdb/pdb_ldap.c:ldapuser2displayentry(4006)
Feb 15 11:14:34 msdpl smbd[18217]: sid
S-1-5-21-3963901886-956592875-555457773-3006 does not belong to our domain
Feb 15 11:14:35 msdpl smbd[18217]: [2007/02/15 11:14:35, 0]
passdb/pdb_ldap.c:ldapuser2displayentry(4006)
Feb 15 11:14:35 msdpl smbd[18217]: sid
S-1-5-21-3963901886-956592875-555457773-3008 does not belong to our domain
Feb 15 11:14:35 msdpl smbd[18217]: [2007/02/15 11:14:35, 0]
passdb/pdb_ldap.c:ldapuser2displayentry(4006)
Feb 15 11:14:35 msdpl smbd[18217]: sid
S-1-5-21-3963901886-956592875-555457773-3010 does not belong to our domain
Feb 15 11:14:35 msdpl smbd[18217]: [2007/02/15 11:14:35, 0]
passdb/pdb_ldap.c:ldapuser2displayentry(4006)
Feb 15 11:14:35 msdpl smbd[18217]: sid
S-1-5-21-3963901886-956592875-555457773-3012 does not belong to our domain
Feb 15 11:14:35 msdpl smbd[18217]: [2007/02/15 11:14:35, 0]
passdb/pdb_ldap.c:ldapuser2displayentry(4006)
Feb 15 11:14:35 msdpl smbd[18217]: sid
S-1-5-21-3963901886-956592875-555457773-3014 does not belong to our domain
Feb 15 11:14:35 msdpl smbd[18217]: [2007/02/15 11:14:35, 0]
passdb/pdb_ldap.c:ldapuser2displayentry(4006)
Feb 15 11:14:35 msdpl smbd[18217]: sid
S-1-5-21-3963901886-956592875-555457773-3016 does not belong to our domain
#####################################################################
when typing net rpc info it gives the following error
rpc_client/cli_pipe.c:rpc_api_pipe(790) rpc_api_pipe: Remote machine
MEDHAPDC pipe \samr fnum 0x7008returned critical error. Error was Call timed
out: server did not respond after 10000 milliseconds [2007/02/15 21:12:52,
0] libsmb/clientgen.c:cli_rpc_pipe_close(375) cli_rpc_pipe_close: cli_close
failed on pipe \samr, fnum 0x7008 to machine MEDHAPDC. Error was Call timed
out: server did not respond after 10000 milliseconds this is net rpc error
but when we type
#net getlocalsid it gives the SID
S-1-5-21-3963901886-956592875-555457773
Actually my server's SID is the same as above.
what does the above error means .
The below is my smb.conf
#######################################################################################
[global]
workgroup = msdpl.com
netbios name = medhapdc
passdb backend = ldapsam:ldap://msdpl.com
server string = Domain Controller
hosts allow = 192.168.128. 192.168.129. 192.168.130. 127.
security = user
encrypt passwords = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
interfaces = eth0,lo
printing = cups
disable spoolss = Yes
printcap name = cups
max print jobs = 100
enable privileges = yes
log level = 2
password level = 8
username level = 8
bind interfaces only = yes
local master = Yes
os level = 65
domain master = yes
preferred master = yes
remote browse sync = 192.168.130.3
null passwords = no
hide unreadable = yes
hide dot files = yes
domain logons = yes
logon script = %u.bat
logon path =
logon drive = X:
logon home =
wins support = yes
name resolve order = wins lmhosts host bcast
dns proxy = no
time server = yes
log file = /var/log/samba/%m.log
max log size = 50
nt acl support = yes
ldap passwd sync = yes
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
delete user script = /usr/local/sbin/smbldap-userdel "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%m"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u"
"%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u'
ldap delete dn = Yes
ldap ssl = no
ldap suffix = dc=msdpl,dc=com
ldap admin dn = cn=manager,dc=msdpl,dc=com
ldap group suffix = ou=Groups
ldap user suffix = ou=People check password script =
/usr/local/bin/crackcheck -s
map acl inherit = yes
winbind use default domain = yes
template shell = /bin/false
######################################################[Share
Definations]###########################################
[homes]
comment = Home Directories
valid users = %S, root
browseable = no
read only = no
nt acl support = Yes
# Un-comment the following and create the netlogon directory for Domain
Logons
[netlogon]
comment = Network Logon Service
path = /netlogon/scripts
guest ok = yes
browseable = yes
write list = root, kr1233
#Profiles Share
[profiles]
comment = Profiles Share
path = /profiles/%U
read only = No
browseable = yes
writeable = yes
veto files = /lost+found/.Trash-root/*.sh/*.scr/.recycle/desktop.ini
#######################################################################################
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap
ldap timeout = 50
idmap backend = ldap:ldap://msdpl.com
idmap uid = 10000-20000
idmap gid = 10000-20000
Please help me
Regards
ashok
More information about the samba
mailing list