[Samba] Something weird about pdbedit.

Wed Mar 11 12:30:53 GMT 2009

On Wednesday 11 February 2009 10:39:10 BOURIAUD wrote:
> Hi !
> I'm running a samba domain controler under rhel 5. It's version
> 3.0.33-3.7.el5.
> I've also installed a ldap server to store users and groups and so on.
> When I try a pdbedit -v david, I get the following :
>
> Unix username:        david
> NT username:          david
> Account Flags:        [U          ]
> User SID:             S-1-5-21-215069222-2822928016-2390355089-1016
> Finding user david
> Trying _Get_Pwnam(), username as lowercase is david
> Get_Pwnam_internals did find user [david]!
> smbldap_search_ext: base => [ou=Groups,ou=ia27,dc=ac-rouen,dc=fr], filter
> => [(&(objectClass=sambaGroupMapping)(gidNumber=666))], scope => [2]
> init_group_from_ldap: Entry found for group: 666
> lookup_global_sam_rid: looking up RID 666.
> smbldap_search_ext: base => [ou=ia27,dc=ac-rouen,dc=fr], filter =>
> [(&(sambaSID=S-1-5-21-215069222-2822928016-2390355089-666)
> (objectclass=sambaSamAccount))], scope => [2]
> ldapsam_getsampwsid: Unable to locate SID
> [S-1-5-21-215069222-2822928016-2390355089-666] count=0
> smbldap_search_ext: base => [ou=Groups,ou=ia27,dc=ac-rouen,dc=fr], filter
> => [(&(objectClass=sambaGroupMapping)
> (sambaSID=S-1-5-21-215069222-2822928016-2390355089-666))], scope => [2]
> init_group_from_ldap: Entry found for group: 666
> lookup_rids: CDTI:2
> Primary Group SID:    S-1-5-21-215069222-2822928016-2390355089-666
> Full Name:            david
>
> The weird thing is ldapsam_getsampwsid: Unable to locate SID
>
> I think I made a mistake when creating both unix groups and samba groups.
> Here is how the unix group is defined :
>
> dn: cn=cdti,ou=Group,BASEDN
> objectClass: posixGroup
> objectClass: top
> cn: cdti
> userPassword: {crypt}x
> gidNumber: 666
>
> Here is how the samba group is defined :
>
> dn: cn=CDTI,ou=Groups,BASEDN
> objectClass: top
> objectClass: posixGroup
> objectClass: sambaGroupMapping
> cn: CDTI
> description::
> Q2VudHJlIGTDqXBhcnRlbWVudGFsIGRlIHRyYWl0ZW1lbnQgZGUgbCdpbmZvcm 1hdGlvbg==
> sambaGroupType: 2
> memberUid: david
> gidNumber: 666
> sambaSID: S-1-5-21-215069222-2822928016-2390355089-666
>
> And here is what the user's definition :
>
> dn: uid=david,ou=SambaUsers,BASEDN
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: shadowAccount
> objectClass: sambaSamAccount
> cn: david
> sn: david
> givenName: david
> uid: david
> uidNumber: 1016
> homeDirectory: /smbhome/users/david/samba
> loginShell: /bin/bash
> gecos: System User
> sambaLogonTime: 0
> sambaLogoffTime: 2147483647
> sambaKickoffTime: 2147483647
> sambaPwdCanChange: 0
> sambaPwdMustChange: 2147483647
> displayName: david
> sambaLogonScript: logon.bat
> sambaProfilePath: \\DOMAIN_SERVER\profiles\david
> sambaHomePath: \\DOMAIN_SERVER\david
> sambaHomeDrive: P:
> sambaLMPassword: PLOP
> sambaNTPassword: PLOP
> sambaPasswordHistory:
> 000000000000000000000000000000000000000000000000000000 0000000000
> sambaPwdLastSet: 1228486572
> userPassword: {SSHA}PLOP
> sambaAcctFlags: [U          ]
> sambaSID: S-1-5-21-215069222-2822928016-2390355089-1016
> gidNumber: 666
> sambaPrimaryGroupSID: S-1-5-21-215069222-2822928016-2390355089-666
>
>
> Of course, I've obfuscated what I found that has not point with my problem
> !
>
> I think that the problem comes from the groups, both the unix one and the
> samba one, but I don't know how to fix it.
> If anyone could tell me what I could to to correct this, that would be
> great ! I hope I've given enough informations, but if you think I should
> give more, fell free to ask. I'd really like to get rid of this anoying
> message. Thanks in advance !

UP ! Noone to help me with that ?