[Samba] complete newbie sid problems
Graham Seaman
G.Seaman at lse.ac.uk
Fri Dec 19 17:23:47 GMT 2008
Hi,
I'm trying to set up samba with ldap authorization on a windows network.
I have samba running on one linux host, and openldap on another. I have
used smbldap-tools to populate my directory and used smbldap-useradd to
create an initial testuser on the samba host. I can ssh in to the samba
host as the testuser ok, and get in to the testuser directory (ie. there
are no permission problems). But if I try to do `smbclient
//DOMAIN/testuser -U testuser` I get 'tree connect failed:
NT_STATUS_ACCESS_DENIED'. Looking at the samba log, I see:
[2008/12/19 17:08:30, 2] passdb/pdb_ldap.c:init_sam_from_ldap(545)
init_sam_from_ldap: Entry found for user: testuser
[2008/12/19 17:08:30, 2] passdb/pdb_ldap.c:init_group_from_ldap(2162)
init_group_from_ldap: Entry found for group: 513
[2008/12/19 17:08:30, 0] passdb/passdb.c:lookup_global_sam_name(596)
User testuser with invalid SID
S-1-5-21-1306896613-1613859276-828620297-3000 in passdb
[2008/12/19 17:08:30, 2] smbd/service.c:make_connection_snum(616) user
'testuser' (from session setup) not permitted to access this share
(testuser)
net getlocalsid on the samba host gives:
SID for domain DOMAIN is: S-1-5-21-1306896613-1613859276-828620297
which matches the 'invalid SID' above. Looking in the ldap directory, I
see the uidNumber for testuser is 1000. The smbldap-tools documentation
say the algorithm to go from uid to sid is sid = 2 * uid + 1000, which
also matches the 'invalid SID'.
Any suggestions for what to do from here?
Thanks
Graham
More information about the samba
mailing list