[Samba] Samba+LDAP: NT_STATUS_UNSUCCESSFUL because of primary group SID mismatch

Luca Olivetti luca at wetron.es
Sat Jun 22 07:46:49 MDT 2013

On 20/06/13 17:12, Gaiseric Vandal wrote:

> If you want to centralize the samba accounts I think the proper way
> would be to use member servers.

Just yesterday I had the same problem with a member server (running
samba 3.6.15), pointing to the ldap server on the domain controller (3.5.2).
No matter what I did, "net setlocalsid" seemed to do nothing.
I don't remember what I did to finally solve it, I only know that I
deleted secrets.tdb (and/or the rest of the tdb files) a million times,
deleting the domain for the new server in ldap, and trying to set the
localsid before joining the domain, and finally the member server got
the same sid as the domain (also stored in ldap).
I'm not convinced it's 100% working yet (e.g. smbclient -L shows the
workgroup but not the master) but at least it doesn't complain and I can
see its shares.
The funny thing is, I have another member server, which has been working
fine (samba 3.5.6) for a while, yet yesterday, while trying to debug the
new server, I discovered it complained about the same sid mismatch.

Luca Olivetti
Wetron Automation Technology http://www.wetron.es
Tel. +34 935883004  Fax +34 935883007
