[Samba] Re: Getting error Samba SID does not belong to our domain
ashok cvs
ashokcvs at gmail.com
Fri Feb 16 15:48:45 GMT 2007
Hi all
To the above problem i would like to add.
The domain is msdpl.com and the server netbios name is medhapdc
when i type
#net getlocalsid/
i get SID for domain MEDHAPDC is: S-1-5-21-3963901886-956592875-555457773
the above sid is the sid which is stored in /etc/smbldap-tools/smbldap.conf
file
where as if i type
#net getlocalsid msdpl.com
SID for domain msdpl.com is: S-1-5-21-826493912-338369434-3047185250
why are both different. i am unable to understand. we did not do any thing,
but suddenly this happened. all my desktop's are losing the trust relation
ship.
please help me
Regards
ashok
On 2/16/07, ashok cvs <ashokcvs at gmail.com> wrote:
>
> Hi all
>
> we have samba 3.0.21c with OpenLDAP backend as PDC and also 4 BDC's
> Suddenly on PDC we are getting these error messages in /var/log/messages
> I am unable to register any system to the domain. niether able to logon to
> the domain.
>
> ##########################################################################################
> Feb 15 11:14:32 msdpl smbd[18212]: [2007/02/15 11:14:32, 0]
> lib/util_sock.c:send_smb(765)
> Feb 15 11:14:32 msdpl smbd[18212]: Error writing 5 bytes to client. -1.
> (Connection reset by peer)
> Feb 15 11:14:34 msdpl smbd[18217]: [2007/02/15 11:14:34, 0]
> passdb/pdb_ldap.c:ldapuser2displayentry(4006)
> Feb 15 11:14:34 msdpl smbd[18217]: sid
> S-1-5-21-3963901886-956592875-555457773-500 does not belong to our domain
> Feb 15 11:14:34 msdpl smbd[18217]: [2007/02/15 11:14:34, 0]
> passdb/pdb_ldap.c:ldapuser2displayentry(4006)
> Feb 15 11:14:34 msdpl smbd[18217]: sid
> S-1-5-21-3963901886-956592875-555457773-2998 does not belong to our domain
> Feb 15 11:14:34 msdpl smbd[18217]: [2007/02/15 11:14:34, 0]
> passdb/pdb_ldap.c:ldapuser2displayentry(4006)
> Feb 15 11:14:34 msdpl smbd[18217]: sid
> S-1-5-21-3963901886-956592875-555457773-3004 does not belong to our domain
> Feb 15 11:14:34 msdpl smbd[18217]: [2007/02/15 11:14:34, 0]
> passdb/pdb_ldap.c:ldapuser2displayentry(4006)
> Feb 15 11:14:34 msdpl smbd[18217]: sid
> S-1-5-21-3963901886-956592875-555457773-3006 does not belong to our domain
> Feb 15 11:14:35 msdpl smbd[18217]: [2007/02/15 11:14:35, 0]
> passdb/pdb_ldap.c:ldapuser2displayentry(4006)
> Feb 15 11:14:35 msdpl smbd[18217]: sid
> S-1-5-21-3963901886-956592875-555457773-3008 does not belong to our domain
> Feb 15 11:14:35 msdpl smbd[18217]: [2007/02/15 11:14:35, 0]
> passdb/pdb_ldap.c:ldapuser2displayentry(4006)
> Feb 15 11:14:35 msdpl smbd[18217]: sid
> S-1-5-21-3963901886-956592875-555457773-3010 does not belong to our domain
> Feb 15 11:14:35 msdpl smbd[18217]: [2007/02/15 11:14:35, 0]
> passdb/pdb_ldap.c:ldapuser2displayentry(4006)
> Feb 15 11:14:35 msdpl smbd[18217]: sid
> S-1-5-21-3963901886-956592875-555457773-3012 does not belong to our domain
> Feb 15 11:14:35 msdpl smbd[18217]: [2007/02/15 11:14:35, 0]
> passdb/pdb_ldap.c:ldapuser2displayentry(4006)
> Feb 15 11:14:35 msdpl smbd[18217]: sid
> S-1-5-21-3963901886-956592875-555457773-3014 does not belong to our domain
> Feb 15 11:14:35 msdpl smbd[18217]: [2007/02/15 11:14:35, 0]
> passdb/pdb_ldap.c:ldapuser2displayentry(4006)
> Feb 15 11:14:35 msdpl smbd[18217]: sid
> S-1-5-21-3963901886-956592875-555457773-3016 does not belong to our domain
> #####################################################################
> when typing net rpc info it gives the following error
> rpc_client/cli_pipe.c:rpc_api_pipe(790) rpc_api_pipe: Remote machine
> MEDHAPDC pipe \samr fnum 0x7008returned critical error. Error was Call timed
> out: server did not respond after 10000 milliseconds [2007/02/15 21:12:52,
> 0] libsmb/clientgen.c:cli_rpc_pipe_close(375) cli_rpc_pipe_close: cli_close
> failed on pipe \samr, fnum 0x7008 to machine MEDHAPDC. Error was Call timed
> out: server did not respond after 10000 milliseconds this is net rpc error
>
> but when we type
> #net getlocalsid it gives the SID
> S-1-5-21-3963901886-956592875-555457773
>
> Actually my server's SID is the same as above.
>
> what does the above error means .
>
> The below is my smb.conf
>
> #######################################################################################
> [global]
>
> workgroup = msdpl.com
> netbios name = medhapdc
> passdb backend = ldapsam:ldap://msdpl.com
> server string = Domain Controller
> hosts allow = 192.168.128. 192.168.129. 192.168.130. 127.
> security = user
> encrypt passwords = yes
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> interfaces = eth0,lo
> printing = cups
> disable spoolss = Yes
> printcap name = cups
> max print jobs = 100
> enable privileges = yes
> log level = 2
> password level = 8
> username level = 8
> bind interfaces only = yes
> local master = Yes
> os level = 65
> domain master = yes
> preferred master = yes
> remote browse sync = 192.168.130.3
> null passwords = no
> hide unreadable = yes
> hide dot files = yes
> domain logons = yes
> logon script = %u.bat
> logon path =
> logon drive = X:
> logon home =
> wins support = yes
> name resolve order = wins lmhosts host bcast
> dns proxy = no
> time server = yes
> log file = /var/log/samba/%m.log
> max log size = 50
> nt acl support = yes
> ldap passwd sync = yes
> add user script = /usr/local/sbin/smbldap-useradd -m "%u"
> delete user script = /usr/local/sbin/smbldap-userdel "%u"
> add machine script = /usr/local/sbin/smbldap-useradd -w "%m"
> add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
> add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
> delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u"
> "%g"
> set primary group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u'
> ldap delete dn = Yes
> ldap ssl = no
> ldap suffix = dc=msdpl,dc=com
> ldap admin dn = cn=manager,dc=msdpl,dc=com
> ldap group suffix = ou=Groups
> ldap user suffix = ou=People check password script =
> /usr/local/bin/crackcheck -s
> map acl inherit = yes
> winbind use default domain = yes
> template shell = /bin/false
> ######################################################[Share
> Definations]###########################################
> [homes]
> comment = Home Directories
> valid users = %S, root
> browseable = no
> read only = no
> nt acl support = Yes
>
> # Un-comment the following and create the netlogon directory for Domain
> Logons
> [netlogon]
> comment = Network Logon Service
> path = /netlogon/scripts
> guest ok = yes
> browseable = yes
> write list = root, kr1233
>
> #Profiles Share
> [profiles]
> comment = Profiles Share
> path = /profiles/%U
> read only = No
> browseable = yes
> writeable = yes
> veto files = /lost+found/.Trash-root/*.sh/*.scr/.recycle/desktop.ini
> #######################################################################################
>
> ldap machine suffix = ou=Computers
> ldap idmap suffix = ou=Idmap
> ldap timeout = 50
> idmap backend = ldap:ldap://msdpl.com
> idmap uid = 10000-20000
> idmap gid = 10000-20000
>
>
> Please help me
>
> Regards
> ashok
>
>
More information about the samba
mailing list