[Samba] Samba and LDAP authentication backend
Karel Lang AFD
lang at afd.cz
Thu Sep 11 09:26:48 MDT 2014
Hi,
do you want it add like for what purpose?
Like BDC to your existing PDC? If so, i think the domain SID of PDC and
BDC should be same.
Rowland from list pointed to me not so long ago the differnce between:
net getlocalsid
and
net getdomainsid
I think the 'net getdomainsid' should be same on both servers.
Can you check it out?
cheers,
On 09/11/2014 04:42 PM, srtt.be - Michel Lombart wrote:
> Hello,
>
> I'm facing a weird problem and I really do not know where I can find how
> to debug it.
>
> Since some years, we have a LDAP server ( Debian 6 and OpenLDAP 2.4.23 )
> and a Samba server ( Debian 6 and Samba 3.5.6 ). They work pefectly well
> in a workgroup. The LDAP server is also used for some other applications
> like Squid, Zimbra, ...
>
> Now, we would to add a second Samba server ( Debian 7 and Samba 3.6.6 ).
> After having set up the server as I did for the other one, any login is
> allowed for LDAP users.
>
> On the console, getenv passwd works perfectly, but the users list in the
> Samba module of Webmin is empty while the group list is correct ! Both
> are correct in the older Samba.
>
> In Samba's log, I see errors like :
>
> The primary group domain sid(S-.... ) does not match the domain
> sid(S-... ) for username(S-...)
>
> and :
>
> [2014/09/11 15:07:29.548824, 2] auth/auth.c:319(check_ntlm_password)
> check_ntlm_password: Authentication for user [username] ->
> [username] FAILED with error NT_STATUS_UNSUCCESSFUL
>
> Where can I find more debugging info ? Do you have any idea of what I'm
> missing.
>
> Thank for your help.
>
> Michel
More information about the samba
mailing list