[Samba] Primary Group SID incorrect - ahhhh

Chris Beach chrisb at pintys.com
Wed Nov 24 12:33:59 MST 2010


Thanks, I tried adding that index to my slapd.conf and running slapindex,
but it's looking like I'm still stuck in the same spot :(

If I run:

*/usr/sbin/smbldap-usershow chris*

*dn: uid=chris,ou=Users,dc=orgon,dc=com
sambaSID: S-1-5-21-3318375643-2463009161-752822123-3028
sambaPrimaryGroupSID: S-1-5-21-3318375643-2463009161-752822123-513*

So I know LDAP has the correct domain SID for the sambaSID and
sambaPrimaryGroupSID

net groupmap list also shows correct SID mappings:

*net groupmap list*

*Domain Admins (S-1-5-21-3318375643-2463009161-752822123-512) -> Domain
Admins
Domain Users (S-1-5-21-3318375643-2463009161-752822123-513) -> Domain Users
Domain Guests (S-1-5-21-3318375643-2463009161-752822123-514) -> Domain
Guests
Domain Computers (S-1-5-21-3318375643-2463009161-752822123-515) -> Domain
Computers*

yet the damned pdbedit shows the incorrect Primary Group Sid:

*pdbedit -v chris*
*
Unix username:        chris
NT username:          chris
Account Flags:        [U          ]
User SID:             S-1-5-21-3318375643-2463009161-752822123-3028
Primary Group SID:    S-1-5-21-3870114210-992129106-2167290520-513*


On Wed, Nov 24, 2010 at 12:40 PM, Dale Schroeder <
dale at briannassaladdressing.com> wrote:

>  Long shot, but see LDAP Changes in Samba-3.0.23<http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ChangeNotes.html#id2579275>
> just in case.
>
> Dale
>
>
> On 11/24/2010 8:33 AM, Chris Beach wrote:
>
> I apologize, I somehow hit send in gmail and my message got prematurely
> sent, here it is in it's entirety:
>
> Hi,
>
> I'm running 3.0.33-3.29.el5_5.1 .. migrating from 3.0.21a with an LDAP
> back-end. I've use slapadd to import the LDIF file I've exported from my
> original samba server, but it seems like samba isn't grabbing the Primary
> Group SID from the ldif file. For Example:
>
> dn: uid=chris,ou=Users,dc=orgon,
>
>  dc=com
> sambaSID: S-1-5-21-3318375643-2463009161-752822123-3028
> sambaPrimaryGroupSID: *S-1-5-21-3318375643-2463009161-752822123-513*
> displayName: Chris
> creatorsName: cn=Manager,dc=orgon,dc=com
>
> I'll import this ldif file, but then when I run:
>
> pdbedit -v chris
>
> Unix username:        chris
> NT username:          chris
> Account Flags:        [U          ]
> User SID:             S-1-5-21-3318375643-2463009161-752822123-3028
> Primary Group SID:    *S-1-5-21-3870114210-992129106-2167290520-513*
> Full Name:            Chris
>
> Notice how the Primary Group SID is different?
>
>           net getdomainsid
>          SID for domain HAPPINESS3 is:
> S-1-5-21-3870114210-992129106-2167290520
>          SID for domain ORGON is: S-1-5-21-3318375643-2463009161-752822123
>
> it seems to be using the local SID rather then domain SID from the ldif
> file. I've got another server with an older version of samba which DOES use
> the primary group SID from the ldif file when imported, I'm not sure if
> samba changed how it uses it (seems like it might have from here: hxxp://www.novell.com/support/search.do?cmd=displayKC&sliceId=SAL_Public&externalId=3323463),
> but I can't figure out how to correct it.
>
> Any help is REALLY appreciated, I've been stuck since last week on this.
>
>
> On Wed, Nov 24, 2010 at 9:28 AM, Chris Beach <chrisb at pintys.com> <chrisb at pintys.com> wrote:
>
>
>  Hi,
>
> I'm running 3.0.33-3.29.el5_5.1 .. migrating from 3.0.21a with an LDAP
> back-end. I've use slapadd to import the LDIF file I've exported from my
> original samba server, but it seems like samba isn't grabbing the Primary
> Group SID from the ldif file. For Example:
>
> dn: uid=chris,ou=Users,dc=orgon,dc=com
> sambaSID: S-1-5-21-3318375643-2463009161-752822123-3028
> sambaPrimaryGroupSID: *S-1-5-21-3318375643-2463009161-752822123-513*
> displayName: Chris
> creatorsName: cn=Manager,dc=orgon,dc=com
>
> I'll import this ldif file, but then when I run:
>
> pdbedit -v chris
>
> Unix username:        chris
> NT username:          chris
> Account Flags:        [U          ]
> User SID:             S-1-5-21-3318375643-2463009161-752822122-3028
> Primary Group SID:    *S-1-5-21-3870114210-992129106-2167290520-513*
> Full Name:            Chris
>
> Notice how the Primary Group SID is different?
>
>
>


-- 
Chris Beach
IT Analyst


More information about the samba mailing list