[Samba] Problems since upgrade from 3.0.23 to 3.0.25b
Jason Baker
jbaker at glastender.com
Tue Jul 17 12:49:19 GMT 2007
> This is saying that your user and group have confilcting sids because
> they should share the same base sid as everything else on the domain.
> To fix this you need to go through your ldap database and make sure
> that all sids have the same base.
This is very strange. I added this user using the
/etc/smbldap-tools/smbldap-useradd script. Which yielded a user SID of
S-1-5-21-3568796296-2565465778-716510536-3404 but group sid
S-1-5-21-1194936901-2368177035-684874509-513. If I check all my other
users they have a user sid such as;
S-1-5-21-1194936901-2368177035-684874509-XXXX
and a group sid such as;
S-1-5-21-1194936901-2368177035-684874509-XXXX
If I run the command: net getlocalsid on the PDC I get:
SID for domain ASTER is: S-1-5-21-3568796296-2565465778-716510536
Shouldn't the PDC SID match the user and group SIDs?
So I deleted the user account, went into the LDAP Account Manager tool
from a web browser, recreated the user, and now the user SID is correct:
S-1-5-21-1194936901-2368177035-684874509-3408
I then went back and tried to add a test user account using the
/etc/smbldap-tools/smbldap-useradd script, and I get the following error:
Could not find base dn, to get next uidNumber at
/etc/smbldap-tools//smbldap_tools.pm line 1046, <DATA> line 283.
I'm not sure whats going on, everything worked fine until I upgraded to
3.0.25.
*Jason Baker
*/IT Coordinator/
*Glastender Inc.*
5400 North Michigan Road
Saginaw, Michigan 48604 USA
800.748.0423
Phone: 989.752.4275 ext. 228
Fax: 989.752.4444
www.glastender.com <http://www.glastender.com>
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GIT$ d- s: a C++$ LU+++$ P+ L++>L++++ !E--- W+++ N o? K?
w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h---
r+++ y+++
------END GEEK CODE BLOCK------
John Drescher wrote:
> On 7/16/07, Jason Baker <jbaker at glastender.com> wrote:
>> I have a working Samba PDC, I can log in and out from a windows xp
>> workstation. I recently upgraded to 3.0.25b-33 and now, when I add a new
>> user, I get:
>>
>> The system cannot log you on due to the following error:
>> A device attached to the system is not fuctioning
>> Please try again or consult your system administrator
>>
>> I have network connectivity. I was able to join this machine to the
>> domain through windows xp. I can log on to the domain from this machine
>> with an existing user. All file and directory permissions are correct:
>>
>> If I run the smbclient command I get:
>>
>> session setup failed: NT_STATUS_NO_LOGON_SERVERS
>>
> I believe that means that samba could not find the PDC via name
> resolution.
>
>>
>> Samba is indeed running. If I run smbclient with an existing user I get:
>> I found this entry in the domain controllers samba log:
>>
>> [2007/07/16 13:55:13, 5]
>> rpc_server/srv_netlog_nt.c:_net_sam_logon_internal(934)
>> _net_sam_logon: check_password returned status NT_STATUS_OK
>> [2007/07/16 13:55:13, 1]
>> rpc_server/srv_netlog_nt.c:_net_sam_logon_internal(1004)
>> _net_sam_logon: user GLASTENDERNET\jrolfe has user sid
>> S-1-5-21-3568796296-2565465778-716510536-3404
>> but group sid S-1-5-21-1194936901-2368177035-684874509-513.
>> The conflicting domain portions are not supported for NETLOGON
>> calls
>> <----------------------CUT---------------------->
>
> This is saying that your user and group have confilcting sids because
> they should share the same base sid as everything else on the domain.
> To fix this you need to go through your ldap database and make sure
> that all sids have the same base.
>
> John
More information about the samba
mailing list