[Samba] Samba and LDAP authentication backend

Karel Lang AFD lang at afd.cz
Thu Sep 11 09:26:48 MDT 2014

do you want it add like for what purpose?

Like BDC to your existing PDC? If so, i think the  domain SID of PDC and 
BDC should be same.

Rowland from list pointed to me not so long ago the differnce between:
net getlocalsid
net getdomainsid

I think the 'net getdomainsid' should be same on both servers.
Can you check it out?


On 09/11/2014 04:42 PM, srtt.be - Michel Lombart wrote:
> Hello,
> I'm facing a weird problem and I really do not know where I can find how
> to debug it.
> Since some years, we have a LDAP server ( Debian 6 and OpenLDAP 2.4.23 )
> and a Samba server ( Debian 6 and Samba 3.5.6 ). They work pefectly well
> in a workgroup. The LDAP server is also used for some other applications
> like Squid, Zimbra, ...
> Now, we would to add a second Samba server ( Debian 7 and Samba 3.6.6 ).
> After having set up the server as I did for the other one, any login is
> allowed for LDAP users.
> On the console, getenv passwd works perfectly, but the users list in the
> Samba module of Webmin is empty while the group list is correct ! Both
> are correct in the older Samba.
> In Samba's log, I see errors like :
> The primary group domain sid(S-.... ) does not match the domain
> sid(S-... ) for username(S-...)
> and :
> [2014/09/11 15:07:29.548824,  2] auth/auth.c:319(check_ntlm_password)
>    check_ntlm_password:  Authentication for user [username] ->
> [username] FAILED with error NT_STATUS_UNSUCCESSFUL
> Where can I find more debugging info ? Do you have any idea of what I'm
> missing.
> Thank for your help.
> Michel

More information about the samba mailing list