[Samba] Something weird about pdbedit.

Wed Feb 11 09:39:10 GMT 2009

Hi!
I'm running a Samba domain controller under RHEL 5. It's version 
I've also installed an LDAP server to store users and groups and so on.
When I try a pdbedit -v david, I get the following:

Unix username:        david
NT username:          david
Account Flags:        [U          ]
User SID:             S-1-5-21-215069222-2822928016-2390355089-1016
Finding user david
Trying _Get_Pwnam(), username as lowercase is david
Get_Pwnam_internals did find user [david]!
smbldap_search_ext: base => [ou=Groups,ou=ia27,dc=ac-rouen,dc=fr], filter => 
[(&(objectClass=sambaGroupMapping)(gidNumber=666))], scope => [2]
init_group_from_ldap: Entry found for group: 666
lookup_global_sam_rid: looking up RID 666.
smbldap_search_ext: base => [ou=ia27,dc=ac-rouen,dc=fr], filter => 
(objectclass=sambaSamAccount))], scope => [2]
ldapsam_getsampwsid: Unable to locate SID 
[S-1-5-21-215069222-2822928016-2390355089-666] count=0
smbldap_search_ext: base => [ou=Groups,ou=ia27,dc=ac-rouen,dc=fr], filter => 
(sambaSID=S-1-5-21-215069222-2822928016-2390355089-666))], scope => [2]
init_group_from_ldap: Entry found for group: 666
lookup_rids: CDTI:2
Primary Group SID:    S-1-5-21-215069222-2822928016-2390355089-666
Full Name:            david

The weird thing is ldapsam_getsampwsid: Unable to locate SID

I think I made a mistake when creating both Unix groups and Samba groups.
Here is how the Unix group is defined:

dn: cn=cdti,ou=Group,BASEDN
objectClass: posixGroup
objectClass: top
cn: cdti
userPassword: {crypt}x
gidNumber: 666

Here is how the Samba group is defined:

dn: cn=CDTI,ou=Groups,BASEDN
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: CDTI
description:: Q2VudHJlIGTDqXBhcnRlbWVudGFsIGRlIHRyYWl0ZW1lbnQgZGUgbCdpbmZvcm
sambaGroupType: 2
memberUid: david
gidNumber: 666
sambaSID: S-1-5-21-215069222-2822928016-2390355089-666

And here is the user's definition:

dn: uid=david,ou=SambaUsers,BASEDN
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: david
sn: david
givenName: david
uid: david
uidNumber: 1016
homeDirectory: /smbhome/users/david/samba
loginShell: /bin/bash
gecos: System User
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
displayName: david
sambaLogonScript: logon.bat
sambaProfilePath: \\DOMAIN_SERVER\profiles\david
sambaHomePath: \\DOMAIN_SERVER\david
sambaHomeDrive: P:
sambaLMPassword: PLOP
sambaNTPassword: PLOP
sambaPasswordHistory: 000000000000000000000000000000000000000000000000000000
sambaPwdLastSet: 1228486572
userPassword: {SSHA}PLOP
sambaAcctFlags: [U          ]
sambaSID: S-1-5-21-215069222-2822928016-2390355089-1016
gidNumber: 666
sambaPrimaryGroupSID: S-1-5-21-215069222-2822928016-2390355089-666

Of course, I've obfuscated what I found that has nothing to do with my problem!

I think that the problem comes from the groups, both the Unix one and the 
Samba one, but I don't know how to fix it.
If anyone could tell me what I could do to correct this, that would be great!
I hope I've given enough information, but if you think I should give more, 
feel free to ask. I'd really like to get rid of this annoying message.
Thanks in advance!

