[Samba] Re: Getting error Samba SID does not belong to our domain

ashok cvs ashokcvs at gmail.com
Fri Feb 16 15:48:45 GMT 2007


Hi all

To the above problem I would like to add:
The domain is msdpl.com and the server NetBIOS name is medhapdc.
When I type
#net getlocalsid/
I get SID for domain MEDHAPDC is: S-1-5-21-3963901886-956592875-555457773
The above SID is the SID which is stored in the /etc/smbldap-tools/smbldap.conf
file,
whereas if I type
#net getlocalsid msdpl.com
SID for domain msdpl.com is: S-1-5-21-826493912-338369434-3047185250

Why are both different? I am unable to understand. We did not do anything,
but suddenly this happened. All my desktops are losing the trust
relationship.
Please help me.

Regards
ashok


On 2/16/07, ashok cvs <ashokcvs at gmail.com> wrote:
>
> Hi all
>
> We have Samba 3.0.21c with OpenLDAP backend as PDC and also 4 BDCs.
> Suddenly on the PDC we are getting these error messages in /var/log/messages.
> I am unable to register any system to the domain, neither able to log on to
> the domain.
>
> ##########################################################################################
> Feb 15 11:14:32 msdpl smbd[18212]: [2007/02/15 11:14:32, 0]
> lib/util_sock.c:send_smb(765)
> Feb 15 11:14:32 msdpl smbd[18212]:   Error writing 5 bytes to client. -1.
> (Connection reset by peer)
> Feb 15 11:14:34 msdpl smbd[18217]: [2007/02/15 11:14:34, 0]
> passdb/pdb_ldap.c:ldapuser2displayentry(4006)
> Feb 15 11:14:34 msdpl smbd[18217]:   sid
> S-1-5-21-3963901886-956592875-555457773-500 does not belong to our domain
> Feb 15 11:14:34 msdpl smbd[18217]: [2007/02/15 11:14:34, 0]
> passdb/pdb_ldap.c:ldapuser2displayentry(4006)
> Feb 15 11:14:34 msdpl smbd[18217]:   sid
> S-1-5-21-3963901886-956592875-555457773-2998 does not belong to our domain
> Feb 15 11:14:34 msdpl smbd[18217]: [2007/02/15 11:14:34, 0]
> passdb/pdb_ldap.c:ldapuser2displayentry(4006)
> Feb 15 11:14:34 msdpl smbd[18217]:   sid
> S-1-5-21-3963901886-956592875-555457773-3004 does not belong to our domain
> Feb 15 11:14:34 msdpl smbd[18217]: [2007/02/15 11:14:34, 0]
> passdb/pdb_ldap.c:ldapuser2displayentry(4006)
> Feb 15 11:14:34 msdpl smbd[18217]:   sid
> S-1-5-21-3963901886-956592875-555457773-3006 does not belong to our domain
> Feb 15 11:14:35 msdpl smbd[18217]: [2007/02/15 11:14:35, 0]
> passdb/pdb_ldap.c:ldapuser2displayentry(4006)
> Feb 15 11:14:35 msdpl smbd[18217]:   sid
> S-1-5-21-3963901886-956592875-555457773-3008 does not belong to our domain
> Feb 15 11:14:35 msdpl smbd[18217]: [2007/02/15 11:14:35, 0]
> passdb/pdb_ldap.c:ldapuser2displayentry(4006)
> Feb 15 11:14:35 msdpl smbd[18217]:   sid
> S-1-5-21-3963901886-956592875-555457773-3010 does not belong to our domain
> Feb 15 11:14:35 msdpl smbd[18217]: [2007/02/15 11:14:35, 0]
> passdb/pdb_ldap.c:ldapuser2displayentry(4006)
> Feb 15 11:14:35 msdpl smbd[18217]:   sid
> S-1-5-21-3963901886-956592875-555457773-3012 does not belong to our domain
> Feb 15 11:14:35 msdpl smbd[18217]: [2007/02/15 11:14:35, 0]
> passdb/pdb_ldap.c:ldapuser2displayentry(4006)
> Feb 15 11:14:35 msdpl smbd[18217]:   sid
> S-1-5-21-3963901886-956592875-555457773-3014 does not belong to our domain
> Feb 15 11:14:35 msdpl smbd[18217]: [2007/02/15 11:14:35, 0]
> passdb/pdb_ldap.c:ldapuser2displayentry(4006)
> Feb 15 11:14:35 msdpl smbd[18217]:   sid
> S-1-5-21-3963901886-956592875-555457773-3016 does not belong to our domain
> #####################################################################
> when typing net rpc info it gives the following error
> rpc_client/cli_pipe.c:rpc_api_pipe(790) rpc_api_pipe: Remote machine
> MEDHAPDC pipe \samr fnum 0x7008returned critical error. Error was Call timed
> out: server did not respond after 10000 milliseconds [2007/02/15 21:12:52,
> 0] libsmb/clientgen.c:cli_rpc_pipe_close(375) cli_rpc_pipe_close: cli_close
> failed on pipe \samr, fnum 0x7008 to machine MEDHAPDC. Error was Call timed
> out: server did not respond after 10000 milliseconds
> This is the net rpc error.
>
> but when we type
> #net getlocalsid  it gives the SID
> S-1-5-21-3963901886-956592875-555457773
>
> Actually my server's SID is the same as above.
>
> What does the above error mean?
>
> The below is my smb.conf
>
> #######################################################################################
> [global]
>
>   workgroup = msdpl.com
>   netbios name = medhapdc
>   passdb backend = ldapsam:ldap://msdpl.com
>   server string = Domain Controller
>   hosts allow = 192.168.128. 192.168.129. 192.168.130. 127.
>   security = user
>   encrypt passwords = yes
>   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>   interfaces = eth0,lo
>   printing = cups
>   disable spoolss = Yes
>   printcap name = cups
>   max print jobs = 100
>   enable privileges = yes
>   log level = 2
>   password level = 8
>   username level = 8
>   bind interfaces only = yes
>   local master = Yes
>   os level = 65
>   domain master = yes
>   preferred master = yes
>  remote browse sync = 192.168.130.3
>   null passwords = no
>   hide unreadable = yes
>   hide dot files = yes
>   domain logons = yes
>   logon script = %u.bat
>   logon path =
>   logon drive = X:
>   logon home =
>   wins support = yes
>   name resolve order = wins lmhosts host bcast
>   dns proxy = no
>   time server = yes
>   log file = /var/log/samba/%m.log
>   max log size = 50
>   nt acl support = yes
>   ldap passwd sync = yes
>   add user script = /usr/local/sbin/smbldap-useradd -m "%u"
>   delete user script = /usr/local/sbin/smbldap-userdel "%u"
>   add machine script = /usr/local/sbin/smbldap-useradd -w "%m"
>   add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
>   add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
>   delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
>   set primary group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u'
>   ldap delete dn = Yes
>   ldap ssl = no
>   ldap suffix = dc=msdpl,dc=com
>   ldap admin dn = cn=manager,dc=msdpl,dc=com
>   ldap group suffix = ou=Groups
>   ldap user suffix = ou=People
>   check password script = /usr/local/bin/crackcheck -s
>   map acl inherit = yes
>   winbind use default domain = yes
>   template shell = /bin/false
> ######################################################[Share Definitions]###########################################
> [homes]
>    comment = Home Directories
>    valid users = %S, root
>    browseable = no
>    read only = no
>    nt acl support = Yes
>
> # Un-comment the following and create the netlogon directory for Domain Logons
>  [netlogon]
>    comment = Network Logon Service
>    path = /netlogon/scripts
>    guest ok = yes
>    browseable = yes
>    write list = root, kr1233
>
> #Profiles Share
>  [profiles]
>     comment = Profiles Share
>     path = /profiles/%U
>     read only = No
>     browseable = yes
>     writeable = yes
>     veto files = /lost+found/.Trash-root/*.sh/*.scr/.recycle/desktop.ini
> #######################################################################################
>
>   ldap machine suffix = ou=Computers
>   ldap idmap suffix = ou=Idmap
>   ldap timeout = 50
>   idmap backend = ldap:ldap://msdpl.com
>   idmap uid = 10000-20000
>   idmap gid = 10000-20000
>
>
> Please help me
>
> Regards
> ashok
>
>
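
Added example, not part of the original post: a small Python check that takes the two `net getlocalsid` outputs and the "does not belong to our domain" log lines quoted in this message, strips the RID from each rejected account SID, and reports which printed SID the remainder matches. The sample input is copied from the post (log lines re-joined after mail wrapping); the function names are hypothetical.

```python
import re
from collections import Counter

# Sample input taken from the message above; log lines re-joined after mail wrapping.
NET_OUTPUT = """\
SID for domain MEDHAPDC is: S-1-5-21-3963901886-956592875-555457773
SID for domain msdpl.com is: S-1-5-21-826493912-338369434-3047185250
"""
LOG = """\
Feb 15 11:14:34 msdpl smbd[18217]:   sid S-1-5-21-3963901886-956592875-555457773-500 does not belong to our domain
Feb 15 11:14:34 msdpl smbd[18217]:   sid S-1-5-21-3963901886-956592875-555457773-2998 does not belong to our domain
Feb 15 11:14:34 msdpl smbd[18217]:   sid
S-1-5-21-3963901886-956592875-555457773-3004 does not belong to our domain
"""

# "SID for domain <name> is: <domain SID>" as printed by `net getlocalsid`.
SID_LINE = re.compile(r"SID for domain (\S+) is: (S-1-5-21-\d+-\d+-\d+)\s*$", re.M)
# Account SID = domain SID + "-" + RID; \s+ also tolerates a wrapped log line.
REJECTED = re.compile(
    r"sid\s+(S-1-5-21-\d+-\d+-\d+)-(\d+)\s+does not belong to our domain")

def parse_domain_sids(text):
    """Map each name printed by `net getlocalsid` to its SID."""
    return {name: sid for name, sid in SID_LINE.findall(text)}

def rejected_by_domain(log):
    """Count rejected account SIDs per domain-SID prefix (SID minus RID)."""
    return Counter(prefix for prefix, _rid in REJECTED.findall(log))

def attribute(net_output, log):
    """For each rejected prefix: (count, names whose printed SID equals it)."""
    by_sid = {}
    for name, sid in parse_domain_sids(net_output).items():
        by_sid.setdefault(sid, []).append(name)
    return {prefix: (count, by_sid.get(prefix, []))
            for prefix, count in rejected_by_domain(log).items()}

if __name__ == "__main__":
    for prefix, (count, names) in attribute(NET_OUTPUT, LOG).items():
        owner = ", ".join(names) or "no SID printed by net getlocalsid"
        print(f"{count} rejected SIDs under {prefix} -> {owner}")
```

On the post's data every rejected account SID falls under the SID printed for MEDHAPDC, and none under the SID printed for msdpl.com.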

