[Samba] Failed to find a Unix account
walk2sun at arcor.de
Thu Nov 28 10:51:38 MST 2013
On 16:36:16 wrote gandalf istari:
> Hi all,
> I'm looking now for day's for this problem but i don't find the
> solution. I have tried several solutions/setup like:
> I have a working ldap server for my mail-server and want to extend
> this to a samba server also.
> when a user connect (without success) I see this error in the logs:
> Nov 28 09:24:44 app-04 smbd: [2013/11/28 09:24:44.700295, 0]
> Nov 28 09:24:44 app-04 smbd: Failed to find a Unix account
> for testcheck_sam_security: make_server_info_sam() failed with
> Running getent passwd show me all the ldap users
> running pdbedit -L -v
> Unix username: test
> NT username: test
> Account Flags: [U ]
> User SID: S-1-5-21-3736572231-1434995096-3231833993-3012
> Primary Group SID: S-1-5-21-3736572231-1434995096-3231833993-513
> I have populated the ldap through smbldap-populate.
> smbldap-usershow test give's also the right information.
> [root at xxx samba]# id test
> uid=1006(test) gid=503(samba) groups=503(samba),513(Domain Users)
> Help would be more than welcome.
This comes from the smbldap-tools :-( A primary group sid for each users
is set and this is mostly wrong.
# id hjede
uid=1069(hjede) gid=1001(teachers) Gruppen=1001(teachers)
my primary unix goup is teachers
# pdbedit -L -v hjede |egrep 'Unix username|NT username|Primary Group
Unix username: hjede
NT username: hjede
Primary Group SID: <domainsid>-3003
In windows/samba world my primary group is <domainsid>-3003. And this is
mapt on my gidnumber 1001 in openldap.
# ldapsearch -xLLL cn=teachers gidnumber sambasid
gidnumber in openldap is gid in unix
and you have an other "failure" in your group mapping:
513(Domain Users) in your test account is a secondary group, but in
windows/samba world it'a primary group. Primary groups should have no
members at all.
More information about the samba