[Samba] Migration Samba3 -> Samba4: Accessing domain member server is not working
roland.schwingel at onevision.com
Mon Jul 6 10:33:56 UTC 2015
Thanks for your reply,
Rowland Penny <rowlandpenny241155 at gmail.com> wrote on 06.07.2015 10:03:20:
> > In the first 2 lines of the log I see the SIDs dumped.
> > Both for my domain and for my member server.
> > SID for local machine OSUSE-TEST is:
> > S-1-5-21-1853263269-3041869306-167322181
> > SID for domain MYDOM is: S-1-5-21-290147797-1639656955-1287535205
> > Join to 'MYDOM' is OK
> > According to my LDAP the sid for my test member server (OSUSE-TEST)
> > should be S-1-5-21-290147797-1639656955-1287535205-61405
> Just what do you mean by 'According to my LDAP' ?
> Have *you* set the SID somewhere?
We have quite a big LDAP and DNS setup. This is one reason why we can't
switch to Samba as AD right now. I made a little PHP script a decade ago
which is hooked in as "add machine script" to my PDC. This script
searches for a free domain SID and creates a machine account in LDAP.
This has worked fine for many years now.
The sid for MYDOM is:
The sid for my domain member server in this domain is therefore:
Here is the ldif for my still not working member server:
# osuse-test$, computers, samba, mydom.com
sambaAcctFlags: [WX ]
I have bootstrapped my Samba member server before joining the domain with
net setdomainsid S-1-5-21-290147797-1639656955-1287535205
During net rpc join, the domain SID ending in -61405 was generated by my
PHP script and written to LDAP.
On my member server I get the following output of these commands:
net getlocalsid => S-1-5-21-1853263269-3041869306-167322181
net getdomainsid => S-1-5-21-290147797-1639656955-1287535205
Is there no way to detect on my PDC what the problem is? Why is my PDC
Samba rejecting my Samba member server...?
Thanks for your help again,
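
Added example, not part of the original message: a Python check of how the three SIDs quoted above relate (the local SID, the domain SID, and the machine account SID from LDAP). The function names are hypothetical; the SID values are the ones given in the post.

```python
import re

# String SID form: S-1-<identifier authority>-<sub-authority>-...
SID_RE = re.compile(r"^S-1-(\d+)((?:-\d+)+)$")

def parse_sid(text):
    """Return (identifier_authority, (sub_authorities...)) for a string SID."""
    m = SID_RE.match(text.strip())
    if not m:
        raise ValueError(f"not a SID: {text!r}")
    subs = tuple(int(x) for x in m.group(2)[1:].split("-"))
    # A SID holds at most 15 sub-authorities, each a 32-bit value.
    if len(subs) > 15 or any(s > 0xFFFFFFFF for s in subs):
        raise ValueError(f"sub-authority out of range: {text!r}")
    return int(m.group(1)), subs

def split_account_sid(account_sid):
    """Split an account SID into (parsed domain part, RID)."""
    auth, subs = parse_sid(account_sid)
    if len(subs) < 2:
        raise ValueError(f"no RID in {account_sid!r}")
    return (auth, subs[:-1]), subs[-1]

def compare_sids(local_sid, domain_sid, account_sid):
    """Report how a machine account SID relates to the local and domain SIDs."""
    local, domain = parse_sid(local_sid), parse_sid(domain_sid)
    acct_domain, rid = split_account_sid(account_sid)
    return {
        "account_in_domain": acct_domain == domain,  # domain SID + RID
        "account_in_local": acct_domain == local,    # local SID + RID
        "rid": rid,
        "local_equals_domain": local == domain,
    }

if __name__ == "__main__":
    # Values as quoted in the message above.
    report = compare_sids(
        "S-1-5-21-1853263269-3041869306-167322181",        # net getlocalsid
        "S-1-5-21-290147797-1639656955-1287535205",        # net getdomainsid
        "S-1-5-21-290147797-1639656955-1287535205-61405",  # SID from LDAP
    )
    for key, value in report.items():
        print(f"{key}: {value}")
```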