[Samba] Failed to find a Unix account

Harry Jede walk2sun at arcor.de
Thu Nov 28 10:51:38 MST 2013 

On 16:36:16 wrote gandalf istari:
> Hi all,
> 
> I'm looking now for day's for this problem but i don't find the
> solution. I have tried several solutions/setup like:
> https://lists.samba.org/archive/samba/2011-May/162571.html
> 
> I have a working ldap server for my mail-server and want to extend
> this to a samba server also.
> 
> when a user connect (without success) I see this error in the logs:
> 
> Nov 28 09:24:44 app-04 smbd[11865]: [2013/11/28 09:24:44.700295,  0]
> passdb/lookup_sid.c:1684(get_primary_group_sid)
> 
> Nov 28 09:24:44 app-04 smbd[11865]:   Failed to find a Unix account
> for testcheck_sam_security: make_server_info_sam() failed with
> 'NT_STATUS_NO_SUCH_USER'
> 
> 
> Running getent passwd show me all the ldap users
> 
> running pdbedit -L -v
> 
> Unix username:        test
> 
> NT username:          test
> 
> Account Flags:        [U          ]
> 
> User SID:             S-1-5-21-3736572231-1434995096-3231833993-3012
> 
> Primary Group SID:    S-1-5-21-3736572231-1434995096-3231833993-513
> 
> ....
> 
> 
> I have populated the ldap through smbldap-populate.
> 
> smbldap-usershow test give's also the right information.
> 
> 
> [root at xxx samba]# id test
> 
> uid=1006(test) gid=503(samba) groups=503(samba),513(Domain Users)
> 
> 
> Help would be more than welcome.
This comes from the smbldap-tools :-( A primary group sid for each users 
is set and this is mostly wrong.

# id hjede
uid=1069(hjede) gid=1001(teachers) Gruppen=1001(teachers)

my primary unix goup is teachers

# pdbedit -L -v hjede |egrep 'Unix username|NT username|Primary Group 
SID'
Unix username:        hjede
NT username:          hjede
Primary Group SID:    <domainsid>-3003

In windows/samba world my primary group is <domainsid>-3003. And this is 
mapt on my gidnumber 1001 in openldap.

# ldapsearch -xLLL cn=teachers gidnumber sambasid
dn: cn=teachers,ou=groups,dc=europaschule,dc=do,dc=nw,dc=schule,dc=de
gidNumber: 1001
sambaSID: <domainsid>-3003

gidnumber in openldap is gid in unix


and you have an other "failure" in your group mapping:

513(Domain Users) in your test account is a secondary group, but in 
windows/samba world it'a primary group. Primary groups should have no 
members at all.

-- 

Regards
	Harry Jede

More information about the samba mailing list