[Samba] Getting error Samba SID does not belong to our domain

ashok cvs ashokcvs at gmail.com
Fri Feb 16 05:06:53 GMT 2007


Hi all,

We have Samba 3.0.21c with an OpenLDAP backend as PDC and also 4 BDCs.
Suddenly on the PDC we are getting these error messages in /var/log/messages.
I am unable to register any system to the domain, and neither am I able to
log on to the domain.
##########################################################################################
Feb 15 11:14:32 msdpl smbd[18212]: [2007/02/15 11:14:32, 0] lib/util_sock.c:send_smb(765)
Feb 15 11:14:32 msdpl smbd[18212]:   Error writing 5 bytes to client. -1. (Connection reset by peer)
Feb 15 11:14:34 msdpl smbd[18217]: [2007/02/15 11:14:34, 0] passdb/pdb_ldap.c:ldapuser2displayentry(4006)
Feb 15 11:14:34 msdpl smbd[18217]:   sid S-1-5-21-3963901886-956592875-555457773-500 does not belong to our domain
Feb 15 11:14:34 msdpl smbd[18217]: [2007/02/15 11:14:34, 0] passdb/pdb_ldap.c:ldapuser2displayentry(4006)
Feb 15 11:14:34 msdpl smbd[18217]:   sid S-1-5-21-3963901886-956592875-555457773-2998 does not belong to our domain
Feb 15 11:14:34 msdpl smbd[18217]: [2007/02/15 11:14:34, 0] passdb/pdb_ldap.c:ldapuser2displayentry(4006)
Feb 15 11:14:34 msdpl smbd[18217]:   sid S-1-5-21-3963901886-956592875-555457773-3004 does not belong to our domain
Feb 15 11:14:34 msdpl smbd[18217]: [2007/02/15 11:14:34, 0] passdb/pdb_ldap.c:ldapuser2displayentry(4006)
Feb 15 11:14:34 msdpl smbd[18217]:   sid S-1-5-21-3963901886-956592875-555457773-3006 does not belong to our domain
Feb 15 11:14:35 msdpl smbd[18217]: [2007/02/15 11:14:35, 0] passdb/pdb_ldap.c:ldapuser2displayentry(4006)
Feb 15 11:14:35 msdpl smbd[18217]:   sid S-1-5-21-3963901886-956592875-555457773-3008 does not belong to our domain
Feb 15 11:14:35 msdpl smbd[18217]: [2007/02/15 11:14:35, 0] passdb/pdb_ldap.c:ldapuser2displayentry(4006)
Feb 15 11:14:35 msdpl smbd[18217]:   sid S-1-5-21-3963901886-956592875-555457773-3010 does not belong to our domain
Feb 15 11:14:35 msdpl smbd[18217]: [2007/02/15 11:14:35, 0] passdb/pdb_ldap.c:ldapuser2displayentry(4006)
Feb 15 11:14:35 msdpl smbd[18217]:   sid S-1-5-21-3963901886-956592875-555457773-3012 does not belong to our domain
Feb 15 11:14:35 msdpl smbd[18217]: [2007/02/15 11:14:35, 0] passdb/pdb_ldap.c:ldapuser2displayentry(4006)
Feb 15 11:14:35 msdpl smbd[18217]:   sid S-1-5-21-3963901886-956592875-555457773-3014 does not belong to our domain
Feb 15 11:14:35 msdpl smbd[18217]: [2007/02/15 11:14:35, 0] passdb/pdb_ldap.c:ldapuser2displayentry(4006)
Feb 15 11:14:35 msdpl smbd[18217]:   sid S-1-5-21-3963901886-956592875-555457773-3016 does not belong to our domain
#####################################################################
When typing net rpc info, it gives the following error:
rpc_client/cli_pipe.c:rpc_api_pipe(790) rpc_api_pipe: Remote machine MEDHAPDC pipe \samr fnum 0x7008returned critical error. Error was Call timed out: server did not respond after 10000 milliseconds
[2007/02/15 21:12:52, 0] libsmb/clientgen.c:cli_rpc_pipe_close(375) cli_rpc_pipe_close: cli_close failed on pipe \samr, fnum 0x7008 to machine MEDHAPDC. Error was Call timed out: server did not respond after 10000 milliseconds
This is the net rpc error.

But when we type
#net getlocalsid
it gives the SID
S-1-5-21-3963901886-956592875-555457773

Actually, my server's SID is the same as above.

What does the above error mean?

Below is my smb.conf:
#######################################################################################
[global]

  workgroup = msdpl.com
  netbios name = medhapdc
  passdb backend = ldapsam:ldap://msdpl.com
  server string = Domain Controller
  hosts allow = 192.168.128. 192.168.129. 192.168.130. 127.
  security = user
  encrypt passwords = yes
  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
  interfaces = eth0,lo
  printing = cups
  disable spoolss = Yes
  printcap name = cups
  max print jobs = 100
  enable privileges = yes
  log level = 2
  password level = 8
  username level = 8
  bind interfaces only = yes
  local master = Yes
  os level = 65
  domain master = yes
  preferred master = yes
 remote browse sync = 192.168.130.3
  null passwords = no
  hide unreadable = yes
  hide dot files = yes
  domain logons = yes
  logon script = %u.bat
  logon path =
  logon drive = X:
  logon home =
  wins support = yes
  name resolve order = wins lmhosts host bcast
  dns proxy = no
  time server = yes
  log file = /var/log/samba/%m.log
  max log size = 50
  nt acl support = yes
  ldap passwd sync = yes
  add user script = /usr/local/sbin/smbldap-useradd -m "%u"
  delete user script = /usr/local/sbin/smbldap-userdel "%u"
  add machine script = /usr/local/sbin/smbldap-useradd -w "%m"
  add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
  add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
  delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
  set primary group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u'
  ldap delete dn = Yes
  ldap ssl = no
  ldap suffix = dc=msdpl,dc=com
  ldap admin dn = cn=manager,dc=msdpl,dc=com
  ldap group suffix = ou=Groups
  ldap user suffix = ou=People
  check password script = /usr/local/bin/crackcheck -s
  map acl inherit = yes
  winbind use default domain = yes
  template shell = /bin/false
######################################################[Share Definitions]###########################################
[homes]
   comment = Home Directories
   valid users = %S, root
   browseable = no
   read only = no
   nt acl support = Yes

# Un-comment the following and create the netlogon directory for Domain Logons
 [netlogon]
   comment = Network Logon Service
   path = /netlogon/scripts
   guest ok = yes
   browseable = yes
   write list = root, kr1233

#Profiles Share
 [profiles]
    comment = Profiles Share
    path = /profiles/%U
    read only = No
    browseable = yes
    writeable = yes
    veto files = /lost+found/.Trash-root/*.sh/*.scr/.recycle/desktop.ini
#######################################################################################
  ldap machine suffix = ou=Computers
  ldap idmap suffix = ou=Idmap
  ldap timeout = 50
  idmap backend = ldap:ldap://msdpl.com
  idmap uid = 10000-20000
  idmap gid = 10000-20000


Please help me

Regards
ashok
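
Added example, not part of the original post: a small triage script for the log excerpt above. It pulls each rejected SID out of the pdb_ldap.c messages, splits it into domain SID and RID, and compares the domain part with the value `net getlocalsid` printed. The function names are made up for this example, and the last sample line is constructed to show the mismatch case.

```python
import re

# Matches the pdb_ldap.c message quoted in the post. \s+ tolerates the mail
# client's wrapping between "sid" and the SID; {4} requires the three domain
# sub-authorities plus the trailing RID.
SID_ERR = re.compile(
    r"\bsid\s+(S-1-5-21(?:-\d+){4})\s+does not belong to our domain"
)

def split_sid(sid):
    """Split 'S-1-5-21-a-b-c-RID' into (domain_sid, rid)."""
    domain, _, rid = sid.rpartition("-")
    return domain, int(rid)

def triage(log_text, expected_domain_sid):
    """Group rejected SIDs by domain part and record whether that part
    equals the SID the server reports for itself."""
    by_domain = {}
    for sid in SID_ERR.findall(log_text):
        domain, rid = split_sid(sid)
        by_domain.setdefault(domain, set()).add(rid)
    return {
        domain: {
            "matches_expected": domain == expected_domain_sid,
            "rids": sorted(rids),
        }
        for domain, rids in by_domain.items()
    }

# First two entries are copied from the post (wrapping preserved); the third
# is CONSTRUCTED with a made-up domain SID to exercise the mismatch branch.
SAMPLE_LOG = """\
Feb 15 11:14:34 msdpl smbd[18217]:   sid
S-1-5-21-3963901886-956592875-555457773-500 does not belong to our domain
Feb 15 11:14:34 msdpl smbd[18217]:   sid
S-1-5-21-3963901886-956592875-555457773-2998 does not belong to our domain
Feb 15 11:14:35 msdpl smbd[18217]:   sid S-1-5-21-1111111111-2222222222-3333333333-1001 does not belong to our domain
"""

# Value printed by `net getlocalsid` in the post.
LOCAL_SID = "S-1-5-21-3963901886-956592875-555457773"

if __name__ == "__main__":
    for domain, info in triage(SAMPLE_LOG, LOCAL_SID).items():
        verdict = "same as local SID" if info["matches_expected"] else "DIFFERENT domain SID"
        print(f"{domain}: {verdict}, RIDs {info['rids']}")
```

On the lines taken from the post, every rejected SID carries the same domain part that `net getlocalsid` reports; only the constructed line differs.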

