[Samba] ldap machine account: bad RID, no SambaPrimaruGroupSID,
emmanuel.musso at iut-tlse3.fr
Tue Feb 27 15:39:39 GMT 2007
When a windows xp workstation join a domain, by windows gui parameters, ldap
machine attributes are not filled correctly:
- No attribute sambaprimarygroupsid (before, there was one terminated by 515)
- rid (of sambasid) is not equal a 2*uid+1000
gid attribute is ok (515)
If i create a user, rid (sambasid) equal a 2*uid + 1000 (and sambaprimarygrousid
terminated by 513)
All the others samba attributes are ok
Same problem if i use "smbldap-useradd -w" before joining the domain; Posix
attributes are created by "smbldap-useradd -w", and samba attributes are
created the first time workstation join the domain, allways with bad sambasid
and without sambaprimarygroupsid.
Same problem if i use "net join" on a linux smbclient with winbind
SAMBA seems using the sambaNextRid field from the
sambaDomainName entry to build the SAMBA SID of the computer accounts, but I
don't know why (thanks cedric)
In all cases, my workstation is connected to the domain, and user can use it.
I didn't change my config, i didn't modify idealx tools. The problem
exits since 3.0.23c-1 update in month september (with samba.schema modif) I know
my computers who joined
the domain before samba 3.0.23c-1 update (debian apt-get) are ok, with
sambaprimarygroupsid present, and valid sambasid
(rid = 2* uid + 1000).
I have 2 Domain with the same problem
samba 3.0.23d-4 on debian testing, with daily updates
add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
windows xp sp2
windows 2000 sp4
kdm on debian with smbclient and winbind
Thank you very much
(this mail is already sent at february 5th)
I.U.T. Paul Sabatier
Dépt Génie électrique 0562258241
Service informatique 0562258025
This message was sent using IMP, the Internet Messaging Program.
More information about the samba