[Samba] Primary Group SID incorrect - ahhhh
Chris Beach
chrisb at pintys.com
Wed Nov 24 12:33:59 MST 2010
Thanks, I tried adding that index to my slapd.conf and running slapindex,
but it's looking like I'm still stuck in the same spot :(
If I run:
*/usr/sbin/smbldap-usershow chris*
*dn: uid=chris,ou=Users,dc=orgon,dc=com
sambaSID: S-1-5-21-3318375643-2463009161-752822123-3028
sambaPrimaryGroupSID: S-1-5-21-3318375643-2463009161-752822123-513*
So I know LDAP has the correct domain SID for the sambaSID and
sambaPrimaryGroupSID
net groupmap list also shows correct SID mappings:
*net groupmap list*
*Domain Admins (S-1-5-21-3318375643-2463009161-752822123-512) -> Domain
Admins
Domain Users (S-1-5-21-3318375643-2463009161-752822123-513) -> Domain Users
Domain Guests (S-1-5-21-3318375643-2463009161-752822123-514) -> Domain
Guests
Domain Computers (S-1-5-21-3318375643-2463009161-752822123-515) -> Domain
Computers*
yet the damned pdbedit shows the incorrect Primary Group Sid:
*pdbedit -v chris*
*
Unix username: chris
NT username: chris
Account Flags: [U ]
User SID: S-1-5-21-3318375643-2463009161-752822123-3028
Primary Group SID: S-1-5-21-3870114210-992129106-2167290520-513*
On Wed, Nov 24, 2010 at 12:40 PM, Dale Schroeder <
dale at briannassaladdressing.com> wrote:
> Long shot, but see LDAP Changes in Samba-3.0.23<http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ChangeNotes.html#id2579275>
> just in case.
>
> Dale
>
>
> On 11/24/2010 8:33 AM, Chris Beach wrote:
>
> I apologize, I somehow hit send in gmail and my message got prematurely
> sent, here it is in it's entirety:
>
> Hi,
>
> I'm running 3.0.33-3.29.el5_5.1 .. migrating from 3.0.21a with an LDAP
> back-end. I've use slapadd to import the LDIF file I've exported from my
> original samba server, but it seems like samba isn't grabbing the Primary
> Group SID from the ldif file. For Example:
>
> dn: uid=chris,ou=Users,dc=orgon,
>
> dc=com
> sambaSID: S-1-5-21-3318375643-2463009161-752822123-3028
> sambaPrimaryGroupSID: *S-1-5-21-3318375643-2463009161-752822123-513*
> displayName: Chris
> creatorsName: cn=Manager,dc=orgon,dc=com
>
> I'll import this ldif file, but then when I run:
>
> pdbedit -v chris
>
> Unix username: chris
> NT username: chris
> Account Flags: [U ]
> User SID: S-1-5-21-3318375643-2463009161-752822123-3028
> Primary Group SID: *S-1-5-21-3870114210-992129106-2167290520-513*
> Full Name: Chris
>
> Notice how the Primary Group SID is different?
>
> net getdomainsid
> SID for domain HAPPINESS3 is:
> S-1-5-21-3870114210-992129106-2167290520
> SID for domain ORGON is: S-1-5-21-3318375643-2463009161-752822123
>
> it seems to be using the local SID rather then domain SID from the ldif
> file. I've got another server with an older version of samba which DOES use
> the primary group SID from the ldif file when imported, I'm not sure if
> samba changed how it uses it (seems like it might have from here: hxxp://www.novell.com/support/search.do?cmd=displayKC&sliceId=SAL_Public&externalId=3323463),
> but I can't figure out how to correct it.
>
> Any help is REALLY appreciated, I've been stuck since last week on this.
>
>
> On Wed, Nov 24, 2010 at 9:28 AM, Chris Beach <chrisb at pintys.com> <chrisb at pintys.com> wrote:
>
>
> Hi,
>
> I'm running 3.0.33-3.29.el5_5.1 .. migrating from 3.0.21a with an LDAP
> back-end. I've use slapadd to import the LDIF file I've exported from my
> original samba server, but it seems like samba isn't grabbing the Primary
> Group SID from the ldif file. For Example:
>
> dn: uid=chris,ou=Users,dc=orgon,dc=com
> sambaSID: S-1-5-21-3318375643-2463009161-752822123-3028
> sambaPrimaryGroupSID: *S-1-5-21-3318375643-2463009161-752822123-513*
> displayName: Chris
> creatorsName: cn=Manager,dc=orgon,dc=com
>
> I'll import this ldif file, but then when I run:
>
> pdbedit -v chris
>
> Unix username: chris
> NT username: chris
> Account Flags: [U ]
> User SID: S-1-5-21-3318375643-2463009161-752822122-3028
> Primary Group SID: *S-1-5-21-3870114210-992129106-2167290520-513*
> Full Name: Chris
>
> Notice how the Primary Group SID is different?
>
>
>
--
Chris Beach
IT Analyst
More information about the samba
mailing list