[Samba] Something weird about pdbedit.

BOURIAUD david.bouriaud at ac-rouen.fr
Thu Mar 12 12:50:55 GMT 2009


On Thursday 12 March 2009 12:36:07 Harry Jede wrote:
Hi !
It is great to work with you. At least, you know what you're talking about, 
which is not my case on this peculiar point.
>
> Hmmh...
> this is not common practice. Almost all admins use test systems. Maybe
> some virtual systems.

I know that, but I found the mistake after the system was put in place of the 
old one, and you know, what is done is done. I must go on with that.

>
> Maybe you have a caching daemon like nscd on your system. If so, you
> must invalidate the group cache.
>  nscd -i group
> will do this normally.

I've checked it up: no nscd daemon running on the machines. Did I write it 
anywhere that the samba machine and the ldap one were not the same? Though it 
shouldn't change anything, I think it is worth saying it now /o\
>

> > Is the "Unable to locate SID" normal ?
>
> Yes, it is. Samba is searching for a user (objectclass=sambaSamAccount)
> with this rid.
> So you see, you MUST also have unique RIDs. You cannot have a user and a
> group with identical SID/RID. This comes from the M$-World, I
> believe :-( .
>
> > And why the hell does pdbedit find two rids for CDTI since I deleted
> > all that referred to the group I deleted ?
>
> Has samba really found 2 groups with the same RID, or has samba found 2
> groups with the "same" name, ctdi and CTDI?
>
> Try a ldapsearch:
> ldapsearch -x -LLL -b BASEDN -s sub sambasid=*-666
>
> ldapsearch -x -LLL -b BASEDN -s sub '(|(cn=ctdi)(uid=ctdi))' dn

I've tried both searches, and in every case, only one entry is found, the one 
that is expected. It belongs to ou=Groups and is defined like this :

dn: cn=CDTI,BASEDN
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: CDTI
description:: Q2VudHJlIGTDqXBhcnRlbWVudGFsIGRlIHRyYWl0ZW1lbnQgZGUgbCdpbmZvcm1h
 dGlvbg==
sambaGroupType: 2
displayName: CDTI
gidNumber: 666
SambaSID: S-1-5-21-215069222-2822928016-2390355089-666

I've also rebuilt the ldap indexes, but nothing changes this behaviour. (On 
the ldap machine, as root, I went to the ldap db directory, and typed in: 
$ service ldap stop && slapindex && chown ldap:ldap * && service ldap start
)

So on, with all your great help, I'll take some time to check up once again 
all the configuration of both machines, the samba one and the ldap one.

Thanks again.
>
> Gruss
> 	Harry Jede
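
The two checks discussed in this message (a SID shared by a user and a group, and names that differ only in case) can be run over a whole LDIF dump at once. The following is an added example, not part of the original message and not Samba code; the function names, the `dc=example,dc=org` base DN and the SID values are constructed for illustration.

```shell
# Added example: list sambaSID values and cn/uid names (case-insensitive)
# that occur in more than one entry of the LDIF read from stdin.
find_samba_conflicts() {
  awk '
    function note(key, dn) {
      if ((key, dn) in owner) return         # same entry seen twice (cn and uid)
      owner[key, dn] = 1
      if (key in dns) dns[key] = dns[key] " | " dn; else dns[key] = dn
      n[key]++
    }
    function handle(line,   i, attr, val) {
      if (line == "") { dn = ""; return }    # blank line ends an entry
      i = index(line, ":")
      if (i == 0) return
      attr = tolower(substr(line, 1, i - 1)) # SambaSID and sambaSID are the same
      val = substr(line, i + 1)
      sub(/^ +/, "", val)
      if (attr == "dn") dn = val
      else if (attr == "sambasid") note("sambaSID=" val, dn)
      else if (attr == "cn" || attr == "uid") note("name=" tolower(val), dn)
    }
    /^ / { buf = buf substr($0, 2); next }   # folded LDIF line: join to previous
    { if (NR > 1) handle(buf); buf = $0 }
    END {
      handle(buf)
      for (k in n) if (n[k] > 1) printf "%s\t%s\n", k, dns[k]
    }
  ' | sort
}

# Constructed sample data: a group and a user sharing one SID (second one folded).
sample_ldif() {
cat <<'EOF'
dn: cn=CDTI,ou=Groups,dc=example,dc=org
cn: CDTI
SambaSID: S-1-5-21-1111-2222-3333-666

dn: uid=cdti,ou=People,dc=example,dc=org
uid: cdti
sambaSID: S-1-5-21-1111-2222-
 3333-666

dn: cn=staff,ou=Groups,dc=example,dc=org
cn: staff
sambaSID: S-1-5-21-1111-2222-3333-1001
EOF
}

sample_ldif | find_samba_conflicts
```

On a live directory the input would come from the `ldapsearch -x -LLL -b BASEDN -s sub` command used in the thread, with a filter such as `'(|(sambaSID=*)(cn=*)(uid=*))'`; each output line is a shared value followed by the DNs that carry it.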
