[Samba] Problems since upgrade from 3.0.23 to 3.0.25b

Jason Baker jbaker at glastender.com
Tue Jul 17 17:57:32 GMT 2007 

Now I am unable to set the user's account to Must Change Password. I 
tried it in LDAP Account Manager and with PDBEDIT and it simply will not 
change, something is definitely wrong here with my setup.

*Jason Baker
*/IT Coordinator/


*Glastender Inc.*
5400 North Michigan Road
Saginaw, Michigan 48604 USA
800.748.0423
Phone: 989.752.4275 ext. 228
Fax: 989.752.4444
www.glastender.com <http://www.glastender.com>

-----BEGIN GEEK CODE BLOCK----- 
Version: 3.1
GIT$ d- s: a C++$ LU+++$ P+ L++>L++++ !E--- W+++ N o? K?
w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- 
r+++ y+++
------END GEEK CODE BLOCK------



Jason Baker wrote:
>> net rpc info
>>
>> should match. I am not sure about get local sid as it failed on my pdc.
>
>    # net rpc info
>    Password:
>    Domain Name: GLASTENDERNET
>    Domain SID: S-1-5-21-1194936901-2368177035-684874509
>    Sequence number: 1184678015
>    Num users: 100
>    Num domain groups: 39
>    Num local groups: 0
>
>
> This seems correct.
> I re-ran the smbldap_tools configuration script, so I'm quite sure all 
> is correct with that.
>
> *Jason Baker
> */IT Coordinator/
>
>
> *Glastender Inc.*
> 5400 North Michigan Road
> Saginaw, Michigan 48604 USA
> 800.748.0423
> Phone: 989.752.4275 ext. 228
> Fax: 989.752.4444
> www.glastender.com <http://www.glastender.com>
>
> -----BEGIN GEEK CODE BLOCK----- Version: 3.1
> GIT$ d- s: a C++$ LU+++$ P+ L++>L++++ !E--- W+++ N o? K?
> w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++
> ------END GEEK CODE BLOCK------
>
>
>
> John Drescher wrote:
>>
>>
>> On 7/17/07, *Jason Baker* <jbaker at glastender.com 
>> <mailto:jbaker at glastender.com>> wrote:
>>
>>>     This is saying that your user and group have confilcting sids
>>>     because
>>>     they should share the same base sid as everything else on the
>>>     domain.
>>>     To fix this you need to go through your ldap database and make sure
>>>     that all sids have the same base.
>>     This is very strange. I added this user using the
>>     /etc/smbldap-tools/smbldap-useradd script. Which yielded a user
>>     SID of S-1-5-21-3568796296-2565465778-716510536-3404 but group sid
>>     S-1-5-21-1194936901-2368177035-684874509-513. If I check all my
>>     other users they have a user sid such as;
>>
>>         S-1-5-21-1194936901-2368177035-684874509-XXXX
>>
>>     and a group sid such as;
>>
>>         S-1-5-21-1194936901-2368177035-684874509-XXXX
>>
>>     If I run the command: net getlocalsid on the PDC I get:
>>
>>         SID for domain ASTER is: 
>> S-1-5-21-3568796296-2565465778-716510536
>>
>>     Shouldn't the PDC SID match the user and group SIDs?
>>
>>
>> net rpc info
>>
>> should match. I am not sure about get local sid as it failed on my pdc.
>>  
>>
>>     So I deleted the user account, went into the LDAP Account Manager
>>     tool from a web browser, recreated the user, and now the user SID
>>     is correct:
>>     S-1-5-21-1194936901-2368177035-684874509-3408
>>     I then went back and tried to add a test user account using the
>>     /etc/smbldap-tools/smbldap-useradd script, and I get the following
>>     error:
>>
>>         Could not find base dn, to get next uidNumber at
>>         /etc/smbldap-tools//smbldap_tools.pm line 1046, <DATA> line 283
>>
>>     I'm not sure whats going on, everything worked fine until I
>>     upgraded to 3.0.25.
>>
>>
>> Are you sure your  smbldap tools conf files did not get updated somehow?
>>
>> John
>>

More information about the samba mailing list