[Samba] Samba LDAP troubleshooting

Adam Williams awilliam at mdah.state.ms.us
Tue Mar 17 17:47:28 GMT 2009


Well, the user's SID is invalid.  Does it match the domain's SID with net 
getdomainsid?

Brad C wrote:
> Hello
>
> I'm hoping someone can provide some insight, sample snippet from smb.conf
> and the samba log.
> Password authentication is working & succeeding, complains about an invalid
> SID which I know is the trust relationship that is formed between server and
> client, this is a duplicate ldap database from a samba domain controller.
>
> On the topic, anyone have a good book to recommend on Samba, I feel I am
> only using 10% of its capability and not really well at that... something is
> staring me in the face and I'm missing it.
>
> [global]
>         workgroup = companyx
>         printing = cups
>         hosts allow = 192.168.1.
>         printcap name = cups
>         printcap cache time = 750
>         cups options = raw
>         map to guest = Bad User
>         include = /etc/samba/dhcp.conf
>         security = user
>         encrypt passwords = Yes
>         obey pam restrictions = No
>         log level = 2
>         passdb backend = ldapsam:ldap://127.0.0.1/
>         ldap admin dn = cn=manager,dc=companyx,dc=co,dc=za
>         ldap suffix = dc=companyx,dc=co,dc=za
>         ldap group suffix = ou=Groups
>         ldap user suffix = ou=Users
>         ldap machine suffix = ou=Computers
>         ldap idmap suffix = ou=Users
>         ldap ssl = off
>         ldap delete dn = Yes
>
> [testdir]
>     comment = test1
>     path = "/data/test"
>     browseable = yes
>     writable = yes
>     read only = no
>     available = yes
>     valid users = bradleyc
>     admin users = bradleyc
>
>
>
> [2009/03/13 08:36:39,  2] lib/access.c:check_access(406)
>   Allowed connection from __ffff_192.168.2.154 (::ffff:192.168.2.154)
> [2009/03/13 08:36:39,  2] lib/smbldap.c:smbldap_open_connection(796)
>   smbldap_open_connection: connection opened
> [2009/03/13 08:36:39,  2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
>   init_sam_from_ldap: Entry found for user: bradleyc
> [2009/03/13 08:36:39,  2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
>   init_group_from_ldap: Entry found for group: 513
> [2009/03/13 08:36:39,  2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
>   init_group_from_ldap: Entry found for group: 513
> [2009/03/13 08:36:39,  2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
>   init_group_from_ldap: Entry found for group: 1010
> [2009/03/13 08:36:39,  2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
>   init_group_from_ldap: Entry found for group: 512
> [2009/03/13 08:36:39,  2] auth/auth.c:check_ntlm_password(308)
>   check_ntlm_password:  authentication for user [bradleyc] -> [bradleyc] -> [bradleyc] succeeded
> [2009/03/13 08:36:39,  2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
>   init_group_from_ldap: Entry found for group: 544
> [2009/03/13 08:36:39,  2] lib/access.c:check_access(406)
>   Allowed connection from ::ffff:192.168.2.154 (::ffff:192.168.2.154)
> [2009/03/13 08:36:39,  2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
>   init_sam_from_ldap: Entry found for user: bradleyc
> [2009/03/13 08:36:39,  2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
>   init_group_from_ldap: Entry found for group: 513
> [2009/03/13 08:36:39,  0] passdb/passdb.c:lookup_global_sam_name(595)
>   User bradleyc with invalid SID S-1-5-21-1571991244-1820204139-1100571284-3420 in passdb
> [2009/03/13 08:36:39,  2] smbd/service.c:make_connection_snum(736)
>   user 'bradleyc' (from session setup) not permitted to access this share (testdir)
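
The comparison the reply asks for, as an added example that is not part of the original thread: it pulls the rejected SID out of the quoted log, splits off the RID, and compares the remaining domain part with the domain SID. The helper names are hypothetical, and DOMAIN_SID is a constructed placeholder for the value that net getdomainsid reports.

```shell
#!/bin/sh
# Added example: are the SIDs smbd rejects as "invalid" inside the domain SID?
# Function names are hypothetical helpers, not Samba tools.

# Domain part of a user SID: everything before the final "-<RID>".
sid_domain_part() { printf '%s\n' "${1%-*}"; }

# Relative identifier (RID): the final component of the SID.
sid_rid() { printf '%s\n' "${1##*-}"; }

# Read a smbd log on stdin and print "user sid" for each "invalid SID" message.
# Quote markers and newlines become spaces, so a SID wrapped onto the next
# line by a mail client is still found.
invalid_sids() {
    tr '>\n' '  ' | awk '{
        for (i = 1; i + 5 <= NF; i++)
            if ($i == "User" && $(i+2) == "with" && $(i+3) == "invalid" &&
                $(i+4) == "SID" && $(i+5) ~ /^S-1-[0-9-]+$/)
                print $(i+1), $(i+5)
    }'
}

# Compare one user SID ($1) with the domain SID ($2).
check_sid() {
    if [ "$(sid_domain_part "$1")" = "$2" ]; then
        echo "match rid=$(sid_rid "$1")"
    else
        echo "mismatch user_domain=$(sid_domain_part "$1") expected=$2"
    fi
}

# Report every rejected SID in the log on stdin against domain SID $1.
report() {
    invalid_sids | while read -r user sid; do
        printf '%s: %s\n' "$user" "$(check_sid "$sid" "$1")"
    done
}

# Log entry from the post above, as wrapped in the quoted mail.
SAMPLE_LOG='> [2009/03/13 08:36:39,  0]
> passdb/passdb.c:lookup_global_sam_name(595)
>
>   User bradleyc with invalid SID
> S-1-5-21-1571991244-1820204139-1100571284-3420 in
> passdb'

# Constructed placeholder: substitute the SID that net getdomainsid reports.
DOMAIN_SID='S-1-5-21-1111111111-2222222222-3333333333'

printf '%s\n' "$SAMPLE_LOG" | report "$DOMAIN_SID"
```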
>   

