[Samba] Problems since upgrade from 3.0.23 to 3.0.25b
Jason Baker
jbaker at glastender.com
Tue Jul 17 17:57:32 GMT 2007
Now I am unable to set the user's account to Must Change Password. I
tried it in LDAP Account Manager and with PDBEDIT and it simply will not
change, something is definitely wrong here with my setup.
*Jason Baker
*/IT Coordinator/
*Glastender Inc.*
5400 North Michigan Road
Saginaw, Michigan 48604 USA
800.748.0423
Phone: 989.752.4275 ext. 228
Fax: 989.752.4444
www.glastender.com <http://www.glastender.com>
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GIT$ d- s: a C++$ LU+++$ P+ L++>L++++ !E--- W+++ N o? K?
w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h---
r+++ y+++
------END GEEK CODE BLOCK------
Jason Baker wrote:
>> net rpc info
>>
>> should match. I am not sure about get local sid as it failed on my pdc.
>
> # net rpc info
> Password:
> Domain Name: GLASTENDERNET
> Domain SID: S-1-5-21-1194936901-2368177035-684874509
> Sequence number: 1184678015
> Num users: 100
> Num domain groups: 39
> Num local groups: 0
>
>
> This seems correct.
> I re-ran the smbldap_tools configuration script, so I'm quite sure all
> is correct with that.
>
> *Jason Baker
> */IT Coordinator/
>
>
> *Glastender Inc.*
> 5400 North Michigan Road
> Saginaw, Michigan 48604 USA
> 800.748.0423
> Phone: 989.752.4275 ext. 228
> Fax: 989.752.4444
> www.glastender.com <http://www.glastender.com>
>
> -----BEGIN GEEK CODE BLOCK----- Version: 3.1
> GIT$ d- s: a C++$ LU+++$ P+ L++>L++++ !E--- W+++ N o? K?
> w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++
> ------END GEEK CODE BLOCK------
>
>
>
> John Drescher wrote:
>>
>>
>> On 7/17/07, *Jason Baker* <jbaker at glastender.com
>> <mailto:jbaker at glastender.com>> wrote:
>>
>>> This is saying that your user and group have confilcting sids
>>> because
>>> they should share the same base sid as everything else on the
>>> domain.
>>> To fix this you need to go through your ldap database and make sure
>>> that all sids have the same base.
>> This is very strange. I added this user using the
>> /etc/smbldap-tools/smbldap-useradd script. Which yielded a user
>> SID of S-1-5-21-3568796296-2565465778-716510536-3404 but group sid
>> S-1-5-21-1194936901-2368177035-684874509-513. If I check all my
>> other users they have a user sid such as;
>>
>> S-1-5-21-1194936901-2368177035-684874509-XXXX
>>
>> and a group sid such as;
>>
>> S-1-5-21-1194936901-2368177035-684874509-XXXX
>>
>> If I run the command: net getlocalsid on the PDC I get:
>>
>> SID for domain ASTER is:
>> S-1-5-21-3568796296-2565465778-716510536
>>
>> Shouldn't the PDC SID match the user and group SIDs?
>>
>>
>> net rpc info
>>
>> should match. I am not sure about get local sid as it failed on my pdc.
>>
>>
>> So I deleted the user account, went into the LDAP Account Manager
>> tool from a web browser, recreated the user, and now the user SID
>> is correct:
>> S-1-5-21-1194936901-2368177035-684874509-3408
>> I then went back and tried to add a test user account using the
>> /etc/smbldap-tools/smbldap-useradd script, and I get the following
>> error:
>>
>> Could not find base dn, to get next uidNumber at
>> /etc/smbldap-tools//smbldap_tools.pm line 1046, <DATA> line 283
>>
>> I'm not sure whats going on, everything worked fine until I
>> upgraded to 3.0.25.
>>
>>
>> Are you sure your smbldap tools conf files did not get updated somehow?
>>
>> John
>>
More information about the samba
mailing list