[Samba] new user can't log

David Whitney soonerdew at gmail.com
Mon Dec 21 07:07:11 MST 2009 

Check the default group (and any others, for that matter) associated with
the users that cannot logon. If Samba sees a group with a SID not from its
own domain, it will detect a clash and fail the logon.

Mind you, this is an issue in your database that is causing new users in
*your* domain to be associated with group SIDS likely from the "legacy"
domain from which your database originated. You must purge from your
database all references to SIDS from that old domain, or variations of this
issue may recur.

Best of luck in solving the issue.

Warm regards,
David

On Dec 21, 2009 5:39 AM, "Leonardo Carneiro" <lscarneiro at veltrac.com.br>
wrote:

Hi guys.

I'm still stuck with that user that can't logon. This is what i got with
some commands:

  fileserver:~# net groupmap list
  Domain Admins (S-1-5-21-874179082-3571801642-3889913597-512) ->
  Domain Admins
  Domain Users (S-1-5-21-874179082-3571801642-3889913597-513) ->
  Domain Users
  Domain Guests (S-1-5-21-874179082-3571801642-3889913597-514) ->
  Domain Guests
  Domain Computers (S-1-5-21-874179082-3571801642-3889913597-515) ->
  Domain Computers
  Administrators (S-1-5-32-544) -> Administrators
  Account Operators (S-1-5-32-548) -> Account Operators
  Print Operators (S-1-5-32-550) -> Print Operators
  Backup Operators (S-1-5-32-551) -> Backup Operators
  Replicators (S-1-5-32-552) -> Replicators
  admfin (S-1-5-21-874179082-3571801642-3889913597-3001) -> admfin
  industrial (S-1-5-21-874179082-3571801642-3889913597-3003) -> industrial
  qualidade (S-1-5-21-874179082-3571801642-3889913597-3019) -> qualidade
  todos (S-1-5-21-874179082-3571801642-3889913597-3023) -> todos
  infra (S-1-5-21-874179082-3571801642-3889913597-47827) -> infra
  diretoria (S-1-5-21-874179082-3571801642-3889913597-17759) -> diretoria
  comercial (S-1-5-21-874179082-3571801642-3889913597-90607) -> comercial
  instalacao (S-1-5-21-874179082-3571801642-3889913597-111769) ->
  instalacao
  atendimento (S-1-5-21-874179082-3571801642-3889913597-68367) ->
  atendimento
  veltrac (S-1-5-21-874179082-3571801642-3889913597-3031) -> software
  hardware (S-1-5-21-874179082-3571801642-3889913597-3021) -> hardware
  mapas (S-1-5-21-874179082-3571801642-3889913597-120591) -> mapas
  importacao (S-1-5-21-874179082-3571801642-3889913597-130555) ->
  importacao
  fileserver:~# net getlocalsid
  SID for domain DOMINIO is: S-1-5-21-874179082-3571801642-3889913597
  fileserver:~# net getdomainsid
  SID for local machine DOMINIO is:
  S-1-5-21-874179082-3571801642-3889913597
  SID for domain DOMINIO is: S-1-5-21-874179082-3571801642-3889913597

Apparently, the domain sid matchs with most part of the groups sid. can you
guys see something wrong here?

*Leonardo de Souza Carneiro* *Veltrac - Tecnologia em Logística.*
lscarneiro at veltrac.com.br <mailt...
Leonardo Carneiro escreveu:

> > The database from ldap was a copy from another domain, that existed in
another network. i've do...

More information about the samba mailing list