[Samba] Problem when "valid users" is used

Harry Jede walk2sun at arcor.de
Thu Sep 30 04:10:05 MDT 2010


On Donnerstag, 30. September 2010 wrote Arnaud BLONDEL - Alter Way 
Solutions:
> On 30/09/2010 10:46, Harry Jede wrote:
> > Try to run the same search as Samba does:
> >
> > ldapsearch -s sub -b "ou=Groups,dc=company,dc=com"
> > "(&(objectClass=sambaGroupMapping)(|
> > (displayName=Developpeurs)(cn=Developpeurs)))"
>
> ldapsearch -x -s sub -b 'ou=Groups,dc=company,dc=com'
> "(&(objectClass=sambaGroupMapping)(|(displayName=Developpeurs)(cn=Dev
>eloppeurs)))"
>
> dn: cn=Developpeurs,ou=Groups,dc=company,dc=com
> objectClass: top
> objectClass: posixGroup
> objectClass: sambaGroupMapping
> cn: Developpeurs
> gidNumber: 1005
> sambaSID: S-1-5-21-1003513250-1319205365-1235820382-1015
> sambaGroupType: 2
> displayName: Developpeurs
> description: Le groupe des programmeurs
> memberUid: test
> ...
> ...
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
>
> > Samba find this SID S-1-5-21-1003513250-1319205365-1235820382-1015
> > for your group, but according to your ldif, the SID for
> > Developpeurs is:
> > S-1-5-21-1003513250-1319205365-1235820382-101
> >
> > So you may have a duplicate entry :-( .
>
> Output is wrong, SID is
> S-1-5-21-1003513250-1319205365-1235820382-1015
OK, looks like a "copy and paste error" :-(

Look at the next error message:
(S-1-5-21-1003513250-1319205365-1235820382-1015) not in our domain --

Look up the SIDs of your Server and Domain

net getlocalsid
net getdomainsid

-- 

Gruss
	Harry Jede


More information about the samba mailing list