[Samba] invalid SID in passdb on stand-alone file server with ldapsam

Frank Van Damme frank.vandamme at gmail.com
Tue Jul 12 07:29:19 MDT 2011

2011/7/12 Frank Van Damme <frank.vandamme at gmail.com>:
> hello!
> I got some log message I can't explain. when I log in to a server it says:
> [2011/07/12 14:20:41.784580,  0] passdb/passdb.c:627(lookup_global_sam_name)
> User frvdamme with invalid SID S-1-5-21-2863620551-4077714424-203869783-5020 in
> passdb
> It's a standalone file server, no domain, and the password backend is
> (open)ldap. Samba is version 3.5.6 on Debian 6.0. Using the server
> actually works well, I can allow/deny access to shares based on groups
> etc. But I can't see user names in the security tab in Windows
> explorer (I only see the sid). As a consequence, I also can't set
> permissions from Windows.
> In fact, to be more precise, users and groups that exist locally on
> the system *do* show up in the security tab. Those in ldap do not.

OK, replying to myself: the problem turned out to be the fact that my
"samba-admin" ldap user wasn't allowed to read the sambaSID attribute.
Now onto setting permissions :-)

Frank Van Damme
No part of this copyright message may be reproduced, read or seen,
dead or alive or by any means, including but not limited to telepathy
without the benevolence of the author.

More information about the samba mailing list