[Samba] new user can't log
Leonardo Carneiro
lscarneiro at veltrac.com.br
Mon Dec 21 04:38:53 MST 2009
Hi guys.
I'm still stuck with that user that can't logon. This is what i got with
some commands:
fileserver:~# net groupmap list
Domain Admins (S-1-5-21-874179082-3571801642-3889913597-512) ->
Domain Admins
Domain Users (S-1-5-21-874179082-3571801642-3889913597-513) ->
Domain Users
Domain Guests (S-1-5-21-874179082-3571801642-3889913597-514) ->
Domain Guests
Domain Computers (S-1-5-21-874179082-3571801642-3889913597-515) ->
Domain Computers
Administrators (S-1-5-32-544) -> Administrators
Account Operators (S-1-5-32-548) -> Account Operators
Print Operators (S-1-5-32-550) -> Print Operators
Backup Operators (S-1-5-32-551) -> Backup Operators
Replicators (S-1-5-32-552) -> Replicators
admfin (S-1-5-21-874179082-3571801642-3889913597-3001) -> admfin
industrial (S-1-5-21-874179082-3571801642-3889913597-3003) -> industrial
qualidade (S-1-5-21-874179082-3571801642-3889913597-3019) -> qualidade
todos (S-1-5-21-874179082-3571801642-3889913597-3023) -> todos
infra (S-1-5-21-874179082-3571801642-3889913597-47827) -> infra
diretoria (S-1-5-21-874179082-3571801642-3889913597-17759) -> diretoria
comercial (S-1-5-21-874179082-3571801642-3889913597-90607) -> comercial
instalacao (S-1-5-21-874179082-3571801642-3889913597-111769) ->
instalacao
atendimento (S-1-5-21-874179082-3571801642-3889913597-68367) ->
atendimento
veltrac (S-1-5-21-874179082-3571801642-3889913597-3031) -> software
hardware (S-1-5-21-874179082-3571801642-3889913597-3021) -> hardware
mapas (S-1-5-21-874179082-3571801642-3889913597-120591) -> mapas
importacao (S-1-5-21-874179082-3571801642-3889913597-130555) ->
importacao
fileserver:~# net getlocalsid
SID for domain DOMINIO is: S-1-5-21-874179082-3571801642-3889913597
fileserver:~# net getdomainsid
SID for local machine DOMINIO is:
S-1-5-21-874179082-3571801642-3889913597
SID for domain DOMINIO is: S-1-5-21-874179082-3571801642-3889913597
Apparently, the domain sid matchs with most part of the groups sid. can
you guys see something wrong here?
*Leonardo de Souza Carneiro*
*Veltrac - Tecnologia em Logística.*
lscarneiro at veltrac.com.br <mailto:lscarneiro at veltrac.com.br>
http://www.veltrac.com.br <http://www.veltrac.com.br/>
/Fone Com.: (43)2105-5601/
/Av. Higienópolis 1601 Ed. Eurocenter Sl. 803/
/Londrina- PR/
/Cep: 86015-010/
Leonardo Carneiro escreveu:
> The database from ldap was a copy from another domain, that existed in
> another network. i've done a slapcat in the old domain and did a
> slapadd in this new one (both domain have the same name). But this
> happened about 2 years ago. After a samba and ldap upgrade via
> apt-get, the duplicated domains message start to pop (abouth 3 months
> ago). Just now i've solved, but now, this =S.
>
> I'll try some of the stuff you guys sugested me.
>
> tks and sorry for my poor english.
>
> *Leonardo de Souza Carneiro*
> *Veltrac - Tecnologia em Logística.*
> lscarneiro at veltrac.com.br <mailto:lscarneiro at veltrac.com.br>
> http://www.veltrac.com.br <http://www.veltrac.com.br/>
> /Fone Com.: (43)2105-5601/
> /Av. Higienópolis 1601 Ed. Eurocenter Sl. 803/
> /Londrina- PR/
> /Cep: 86015-010/
>
>
>
> David Whitney escreveu:
>> Unless I've blown my memory on Windows internals, each user's SID is
>> comprised of the domain's SID, then a "self-refential" RID portion. That
>> means a user from the domain DOMINIOS should NOT have what amounts to a
>> "prefix" that looks as though it came from a different domain. But
>> unless
>> I'm mistaken, your logs are telling you exactly that - the domain
>> portion of
>> the group and user SID's indicate different domains, and that
>> indicates a
>> problem.
>>
>> One theory is that perhaps your domain was created, groups and users
>> were
>> created, but then for some reason your domain SID changed, and
>> perhaps that
>> led to your described duplicate domain entry (?) problem.
>>
>> Anyway, I'd take a look at the SIDS of other users and groups and see if
>> this problem exists for other users or groups on your domain.
>>
>> -David
>>
More information about the samba
mailing list