[Samba] new user can't log

Leonardo Carneiro lscarneiro at veltrac.com.br
Fri Dec 18 11:48:31 MST 2009 

Hello everyone.

I was having a problem with my Samba PDC with LDAP backend. The command 
'net getlocalsid' gaves me the message "Got too many (2) domain info 
entries for domain [domain]". I logged im my ldap server, and saw that i 
have the following entries:

    dn: sambaDomainName=DOMINIO,dc=dominio,dc=com,dc=br
    sambaDomainName: DOMINIO
    sambaSID: S-1-5-21-874179082-3571801642-3889913597
    sambaAlgorithmicRidBase: 1000
    objectClass: sambaDomain
    sambaNextUserRid: 67109862
    sambaNextGroupRid: 67109863
    structuralObjectClass: sambaDomain
    entryUUID: 9ca720c8-00a6-102c-9973-d48efacd902d
    creatorsName: cn=root,dc=dominio,dc=com,dc=br
    createTimestamp: 20070926180404Z
    entryCSN: 20070926180404Z#000001#00#000000
    modifiersName: cn=root,dc=dominio,dc=com,dc=br
    modifyTimestamp: 20070926180404Z


and:

    dn: ou=Dominios,dc=dominio,dc=com,dc=br
    ou: Dominios
    objectClass: top
    objectClass: organizationalUnit
    structuralObjectClass: organizationalUnit

    dn: sambaDomainName=DOMINIO,ou=Dominios,dc=dominio,dc=com,dc=br
    objectClass: sambaDomain
    sambaAlgorithmicRidBase: 1000
    sambaSID: S-1-5-21-874179082-3571801642-3889913597
    sambaDomainName: DOMINIO
    sambaMinPwdLength: 4
    sambaLogonToChgPwd: 2
    sambaForceLogoff: 0
    sambaRefuseMachinePwdChange: 1
    structuralObjectClass: sambaDomain

Deleting the former (the one that was not inside the 'ou=Dominios') 
solved the problem. Now, the 'net getlocalsid' gives me the SID for my 
domain correctly. I don't know if this have any relation with my new 
problem, but i created a new user and he can't login.

The error is in portuguese, but i'll translate here: "The system could 
not logon by the following error: A device conected to the system is not 
working".

In the log of the machine the user is trying to log, i have the 
following info:

    [2009/12/18 16:47:29,  2] auth/auth.c:check_ntlm_password(308)
      check_ntlm_password:  authentication for user [dsribeiro] ->
    [dsribeiro] -> [dsribeiro] succeeded
    [2009/12/18 16:47:29,  1]
    rpc_server/srv_netlog_nt.c:_netr_LogonSamLogon(1060)
      _netr_LogonSamLogon: user DOMINIO\dsribeiro has user sid
    S-1-5-21-4161212321-1980848047-2820993626-3468
       but group sid S-1-5-21-874179082-3571801642-3889913597-513.
      The conflicting domain portions are not supported for NETLOGON calls

Can anyone point me to how to solve this? I'm not what you guys could 
call an expert in samba :D



-- 

*Leonardo de Souza Carneiro*
*Veltrac - Tecnologia em Logística.*
lscarneiro at veltrac.com.br <mailto:lscarneiro at veltrac.com.br>
http://www.veltrac.com.br <http://www.veltrac.com.br/>
/Fone Com.: (43)2105-5601/
/Av. Higienópolis 1601 Ed. Eurocenter Sl. 803/
/Londrina- PR/
/Cep: 86015-010/

More information about the samba mailing list