[Samba] SID of member server in Samba domain (smbldap_search_domain_info: NT_STATUS_UNSUCCESSFUL)
Márcio Merlone
marcio.merlone at a1.ind.br
Mon Nov 3 11:57:37 MST 2014
On 02-11-2014 15:00, MI wrote:
> The PDC runs Samba 3.5.6 on Debian Squeeze. Sid queries return:
> # net getdomainsid
> SID for local machine MY_PDC_HOST is:
> S-1-5-21-4174501313-1202754954-1084205825
> SID for domain MY_DOMAIN is: S-1-5-21-4174501313-1202754954-1084205825
(...)
> The other server runs Samba 3.6.6 on Debian stable ("Wheezy"). At
> first, it wouldn't let me access it's shares, and SID queries returned:
> # net getdomainsid
> SID for local machine OTHER is:
> S-1-5-21-2241737573-1899521008-914752976
> SID for domain MY_DOMAIN is: S-1-5-21-4174501313-1202754954-1084205825
(...)
> But the log file complained about mismatched domain SIDs, and wouldn't
> let me authenticate:
> auth/server_info.c:386(samu_to_SamInfo3)
> The primary group domain
> sid(S-1-5-21-2241737573-1899521008-914752976-513)
> does not match the domain
> sid(S-1-5-21-4174501313-1202754954-1084205825) for
> mi(S-1-5-21-4174501313-1202754954-1084205825-3000)
Hi,
I'm not a samba guru, but I believe your group's SID is wrong:
*S-1-5-21-4174501313-1202754954-1084205825* ->Domain SID
*S-1-5-21-4174501313-1202754954-1084205825*-3000 -> User SID
*S-1-5-21-2241737573-1899521008-914752976*-513 -> Group SID
AFAIK, domain groups and users must match their SID with the domain, so
I think your group SID should be:
S-1-5-21-4174501313-1202754954-1084205825-513
Samba boffins will correct me if wrong.
Best regards.
--
*Marcio Merlone*
More information about the samba
mailing list