[Samba] Re: SID problem with working samba
toni
tonign at xtec.net
Wed Jan 23 19:17:46 GMT 2008
hi,
El Wed, 23 Jan 2008 07:54:57 -0500
Jamrock <news_jamrock at yahoo.com> ha escrit:
> "toni" <tonign at xtec.net> wrote in message
> news:20080122212228.5b9c62cb at gamma...
> > hello,
> >
> > i have 1 PDC and 1 BDC using smbldap, and now i'm adding a server
> > (as a domain member, not BDC) that will have shares to be mounted
> > by the clients.
> >
> > this server also uses smbldap and, at this moment, the service is
> > working almost normally.
> >
> > the problem seems to be the typical SID problem, but my new samba
> > reports to have the same SID that the PDC and BDC have, and users
> > can log into the domain and map shares. however, when mapping
> > shares log file prints these lines:
>
> I would not expect you to need smbldap on a member server.
> Typically, member servers authenticate against a pdc or bdc. They do
> not authenticate locally.
i'm getting a correct behaviour with a passdb backend ldapsam, but also
a 40-60 seconds timeout when connecting to shares and the following
lines in the log file:
[2008/01/23 18:43:27, 0, effective(0, 0), real(0, 0)]
passdb/passdb.c:lookup_global_sam_name(596)
User USER with invalid SID
S-1-5-21-3094878921-2476751602-3662942323-12534 in passdb
i've read the documentation, chapter 7 as you suggested, and i've
removed the ldap* configuration options and added the option
"winbind trusted domains only = yes"
with this new configuration, the 'invalid SID' lines are not shown but
i'm getting the annoying timeout when connecting to shares. also, now,
"pdbedit -L USER" can't find users and "smbclient -L -U USER%passwd" do
a timeout after 20 seconds (this is the same as before)
now, my smb.conf contains:
[global]
netbios name = SERVERNAME
workgroup = DOMAIN
security = domain
local master = no
password server = *
winbind trusted domains only = yes
mangling method = hash2
encrypt passwords = yes
; wins is the PDC
wins server = 10.0.2.1
> One option is to load ldap on the server. Load Samba so it can
> configure against ldap.
>
> You can then configure the machine to use the ldap on the pdc for
> authentication.
this server has also a ldap server to resolve system users (via
nsswitch), and the contents are replicated from a master ldap in the
PDC (i think this is what you are proposing, isn't it?)
>
> Chapter 7 of Samba by Example shows a few options re: setting up a
> member server to authenticate against a pdc.
>
thanks for your help
More information about the samba
mailing list