[Samba] Problems since upgrade from 3.0.23 to 3.0.25b

Jason Baker jbaker at glastender.com
Tue Jul 17 12:49:19 GMT 2007 

> This is saying that your user and group have confilcting sids because
> they should share the same base sid as everything else on the domain.
> To fix this you need to go through your ldap database and make sure
> that all sids have the same base.
This is very strange. I added this user using the 
/etc/smbldap-tools/smbldap-useradd script. Which yielded a user SID of 
S-1-5-21-3568796296-2565465778-716510536-3404 but group sid 
S-1-5-21-1194936901-2368177035-684874509-513. If I check all my other 
users they have a user sid such as;

    S-1-5-21-1194936901-2368177035-684874509-XXXX

and a group sid such as;

    S-1-5-21-1194936901-2368177035-684874509-XXXX

If I run the command: net getlocalsid on the PDC I get:

    SID for domain ASTER is: S-1-5-21-3568796296-2565465778-716510536

Shouldn't the PDC SID match the user and group SIDs?
So I deleted the user account, went into the LDAP Account Manager tool 
from a web browser, recreated the user, and now the user SID is correct:
S-1-5-21-1194936901-2368177035-684874509-3408
I then went back and tried to add a test user account using the 
/etc/smbldap-tools/smbldap-useradd script, and I get the following error:

    Could not find base dn, to get next uidNumber at
    /etc/smbldap-tools//smbldap_tools.pm line 1046, <DATA> line 283.

I'm not sure whats going on, everything worked fine until I upgraded to 
3.0.25.

*Jason Baker
*/IT Coordinator/


*Glastender Inc.*
5400 North Michigan Road
Saginaw, Michigan 48604 USA
800.748.0423
Phone: 989.752.4275 ext. 228
Fax: 989.752.4444
www.glastender.com <http://www.glastender.com>

-----BEGIN GEEK CODE BLOCK----- 
Version: 3.1
GIT$ d- s: a C++$ LU+++$ P+ L++>L++++ !E--- W+++ N o? K?
w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- 
r+++ y+++
------END GEEK CODE BLOCK------



John Drescher wrote:
> On 7/16/07, Jason Baker <jbaker at glastender.com> wrote:
>> I have a working Samba PDC, I can log in and out from a windows xp
>> workstation. I recently upgraded to 3.0.25b-33 and now, when I add a new
>> user, I get:
>>
>>     The system cannot log you on due to the following error:
>>     A device attached to the system is not fuctioning
>>     Please try again or consult your system administrator
>>
>> I have network connectivity. I was able to join this machine to the
>> domain through windows xp. I can log on to the domain from this machine
>> with an existing user. All file and directory permissions are correct:
>>
>> If I run the smbclient command I get:
>>
>>     session setup failed: NT_STATUS_NO_LOGON_SERVERS
>>
> I believe that means that samba could not find the PDC via name 
> resolution.
>
>>
>> Samba is indeed running. If I run smbclient with an existing user I get:
>> I found this entry in the domain controllers samba log:
>>
>>     [2007/07/16 13:55:13, 5]
>>     rpc_server/srv_netlog_nt.c:_net_sam_logon_internal(934)
>>       _net_sam_logon: check_password returned status NT_STATUS_OK
>>     [2007/07/16 13:55:13, 1]
>>     rpc_server/srv_netlog_nt.c:_net_sam_logon_internal(1004)
>>       _net_sam_logon: user GLASTENDERNET\jrolfe has user sid
>>     S-1-5-21-3568796296-2565465778-716510536-3404
>>        but group sid S-1-5-21-1194936901-2368177035-684874509-513.
>>       The conflicting domain portions are not supported for NETLOGON 
>> calls
>>     <----------------------CUT---------------------->
>
> This is saying that your user and group have confilcting sids because
> they should share the same base sid as everything else on the domain.
> To fix this you need to go through your ldap database and make sure
> that all sids have the same base.
>
> John

More information about the samba mailing list