[Samba] LDAP different Group SID -- not supported for NETLOGON calls
Cesar Amaya
csar at 123.com.sv
Tue Apr 1 00:58:04 GMT 2008
Hello list,
I have two Samba-LDAP DCs, each in a different network: domain AMECC_SAL
(192.168.40.0/24) and domain AMECC_GUA (192.168.42./24). I have
established an inter-domain trust relationship in both directions. My
problem comes when I try to log into a machine in the AMECC_SAL domain
using any user from the AMECC_GUA domain. The name of the machine I
want to sign in to is cc03.
The log for the machine account says:
# tail -f cc03.log
[2008/03/31 16:55:17, 2] passdb/pdb_ldap.c:init_group_from_ldap(2158)
init_group_from_ldap: Entry found for group: 515
[2008/03/31 16:55:35, 2] auth/auth.c:check_ntlm_password(309)
check_ntlm_password: authentication for user [ricky] -> [ricky] -> [ricky] succeeded
[2008/03/31 16:55:35, 1] rpc_server/srv_netlog_nt.c:_net_sam_logon_internal(1004)
_net_sam_logon: user AMECC_GUA\ricky has user sid S-1-5-21-2494724867-3922152549-500773586-3022
but group sid S-1-5-21-3360583363-2600074294-2199971840-513.
The conflicting domain portions are not supported for NETLOGON calls
Part of the pdbedit -L -v output says:
Unix username: ricky
NT username: ricky
Account Flags: [U ]
User SID: S-1-5-21-2494724867-3922152549-500773586-3022
init_group_from_ldap: Entry found for group: 513
init_group_from_ldap: Entry found for group: 513
Primary Group SID: S-1-5-21-2494724867-3922152549-500773586-513
From this output we can tell that the Primary Group SID is different from
the group SID in the cc03.log file:
S-1-5-21-3360583363-2600074294-2199971840-513.
I am using the following software: FreeBSD 7.0 Release, samba-3.0.28,1,
openldap-2.3.41 and smbldap-tools-0.9.4_2.
Can anyone please give some help?
Thank you very much.
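
Added example, not part of the original post and not Samba's own code: a small Python script that repeats the comparison made above, splitting each SID into its domain portion and RID and setting the group SID reported by _net_sam_logon against the Primary Group SID stored in passdb. The function names are hypothetical, and the sample input is the log and pdbedit text quoted in the post.

```python
import re

SID = r"S-1-5-21-\d+-\d+-\d+-\d+"
LOGON_RE = re.compile(r"_net_sam_logon: user (\S+) has user sid (%s) but group sid (%s)" % (SID, SID))

# Sample input: the log and pdbedit lines quoted in the post above (wrapped as mailed).
SAMPLE_LOG = r"""
[2008/03/31 16:55:35, 1]
rpc_server/srv_netlog_nt.c:_net_sam_logon_internal(1004)
_net_sam_logon: user AMECC_GUA\ricky has user sid
S-1-5-21-2494724867-3922152549-500773586-3022
but group sid S-1-5-21-3360583363-2600074294-2199971840-513.
The conflicting domain portions are not supported for NETLOGON calls
"""
SAMPLE_PDBEDIT = """
Unix username: ricky
User SID: S-1-5-21-2494724867-3922152549-500773586-3022
init_group_from_ldap: Entry found for group: 513
Primary Group SID: S-1-5-21-2494724867-3922152549-500773586-513
"""

def split_sid(sid):
    """Split a domain-relative SID into (domain SID, RID)."""
    domain, _, rid = sid.rpartition("-")
    return domain, int(rid)

def pdbedit_sids(text):
    """Map Unix username -> (user SID, primary group SID) from pdbedit -L -v output."""
    accounts, name, user_sid = {}, None, None
    for line in text.splitlines():
        # Interleaved debug lines such as init_group_from_ldap fall through unmatched.
        key, _, value = (part.strip() for part in line.partition(":"))
        if key == "Unix username":
            name = value
        elif key == "User SID":
            user_sid = value
        elif key == "Primary Group SID" and name:
            accounts[name] = (user_sid, value)
    return accounts

def diagnose(log_text, pdbedit_text):
    """For each NETLOGON mismatch, pair the SIDs seen at logon with the stored ones."""
    stored, report = pdbedit_sids(pdbedit_text), []
    flat = " ".join(log_text.split())  # rejoin wrapped log lines before matching
    for account, user_sid, group_sid in LOGON_RE.findall(flat):
        stored_group = stored.get(account.split("\\")[-1], (None, None))[1]
        report.append({"account": account, "user_domain": split_sid(user_sid)[0],
                       "logon_group": split_sid(group_sid),
                       "stored_group": split_sid(stored_group) if stored_group else None})
    return report
```

On the sample input the stored group and the logon group share RID 513 but carry different domain SIDs, which is the mismatch the log message reports.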