[Samba] new user can't log

Leonardo Carneiro lscarneiro at veltrac.com.br
Mon Dec 21 04:38:53 MST 2009


Hi guys.

I'm still stuck with that user that can't logon. This is what i got with 
some commands:

    fileserver:~# net groupmap list
    Domain Admins (S-1-5-21-874179082-3571801642-3889913597-512) ->
    Domain Admins
    Domain Users (S-1-5-21-874179082-3571801642-3889913597-513) ->
    Domain Users
    Domain Guests (S-1-5-21-874179082-3571801642-3889913597-514) ->
    Domain Guests
    Domain Computers (S-1-5-21-874179082-3571801642-3889913597-515) ->
    Domain Computers
    Administrators (S-1-5-32-544) -> Administrators
    Account Operators (S-1-5-32-548) -> Account Operators
    Print Operators (S-1-5-32-550) -> Print Operators
    Backup Operators (S-1-5-32-551) -> Backup Operators
    Replicators (S-1-5-32-552) -> Replicators
    admfin (S-1-5-21-874179082-3571801642-3889913597-3001) -> admfin
    industrial (S-1-5-21-874179082-3571801642-3889913597-3003) -> industrial
    qualidade (S-1-5-21-874179082-3571801642-3889913597-3019) -> qualidade
    todos (S-1-5-21-874179082-3571801642-3889913597-3023) -> todos
    infra (S-1-5-21-874179082-3571801642-3889913597-47827) -> infra
    diretoria (S-1-5-21-874179082-3571801642-3889913597-17759) -> diretoria
    comercial (S-1-5-21-874179082-3571801642-3889913597-90607) -> comercial
    instalacao (S-1-5-21-874179082-3571801642-3889913597-111769) ->
    instalacao
    atendimento (S-1-5-21-874179082-3571801642-3889913597-68367) ->
    atendimento
    veltrac (S-1-5-21-874179082-3571801642-3889913597-3031) -> software
    hardware (S-1-5-21-874179082-3571801642-3889913597-3021) -> hardware
    mapas (S-1-5-21-874179082-3571801642-3889913597-120591) -> mapas
    importacao (S-1-5-21-874179082-3571801642-3889913597-130555) ->
    importacao
    fileserver:~# net getlocalsid
    SID for domain DOMINIO is: S-1-5-21-874179082-3571801642-3889913597
    fileserver:~# net getdomainsid
    SID for local machine DOMINIO is:
    S-1-5-21-874179082-3571801642-3889913597
    SID for domain DOMINIO is: S-1-5-21-874179082-3571801642-3889913597

Apparently, the domain sid matchs with most part of the groups sid. can 
you guys see something wrong here?

*Leonardo de Souza Carneiro*
*Veltrac - Tecnologia em Logística.*
lscarneiro at veltrac.com.br <mailto:lscarneiro at veltrac.com.br>
http://www.veltrac.com.br <http://www.veltrac.com.br/>
/Fone Com.: (43)2105-5601/
/Av. Higienópolis 1601 Ed. Eurocenter Sl. 803/
/Londrina- PR/
/Cep: 86015-010/



Leonardo Carneiro escreveu:
> The database from ldap was a copy from another domain, that existed in 
> another network. i've done a slapcat in the old domain and did a 
> slapadd in this new one (both domain have the same name). But this 
> happened about 2 years ago. After a samba and ldap upgrade via 
> apt-get, the duplicated domains message start to pop (abouth 3 months 
> ago). Just now i've solved, but now, this =S.
>
> I'll try some of the stuff you guys sugested me.
>
> tks and sorry for my poor english.
>
> *Leonardo de Souza Carneiro*
> *Veltrac - Tecnologia em Logística.*
> lscarneiro at veltrac.com.br <mailto:lscarneiro at veltrac.com.br>
> http://www.veltrac.com.br <http://www.veltrac.com.br/>
> /Fone Com.: (43)2105-5601/
> /Av. Higienópolis 1601 Ed. Eurocenter Sl. 803/
> /Londrina- PR/
> /Cep: 86015-010/
>
>
>
> David Whitney escreveu:
>> Unless I've blown my memory on Windows internals, each user's SID is
>> comprised of the domain's SID, then a "self-refential" RID portion. That
>> means a user from the domain DOMINIOS should NOT have what amounts to a
>> "prefix" that looks as though it came from a different domain. But 
>> unless
>> I'm mistaken, your logs are telling you exactly that - the domain 
>> portion of
>> the group and user SID's indicate different domains, and that 
>> indicates a
>> problem.
>>
>> One theory is that perhaps your domain was created, groups and users 
>> were
>> created, but then for some reason your domain SID changed, and 
>> perhaps that
>> led to your described duplicate domain entry (?) problem.
>>
>> Anyway, I'd take a look at the SIDS of other users and groups and see if
>> this problem exists for other users or groups on your domain.
>>
>> -David
>>   


More information about the samba mailing list