[Samba] Samba+LDAP: NT_STATUS_UNSUCCESSFUL because of primary group SID mismatch
Andrew Bartlett
abartlet at samba.org
Fri Jun 21 01:58:20 MDT 2013
On Thu, 2013-06-20 at 10:26 +0200, Philipp Lies wrote:
> Hi,
>
> I'm trying to get my new samba server running for a few days now and I
> start losing my mind over not figuring out what I'm doing wrong. Here's
> my setup:
>
> OpenLDAP 2.4.21 server with ~15 groups and >100 users, all having a unix
> and a samba NT password stored in the LDAP as well as a User SID and
> Primary Group SID assigned and stored in the LDAP, derived from the SID
> of the LDAP Server.
>
> Now I want several samba servers to use the LDAP server to authenticate
> users.
If you want multiple samba servers to use the same LDAP backend, they
essentially all need to be domain controllers of the same domain. This
is the supported way to have a single backend shared between multiple
servers.
You don't need to ever use the DC function from windows clients, but the
servers need to think they are a DC.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba
mailing list