[Samba] 3.6.23-36.el6_8 and 4.2.10 = SIDs interoperability problem?
lejeczek
peljasz at yahoo.co.uk
Mon Oct 24 20:23:44 UTC 2016
hi people
I have in userdb LDAP backend this one user (and many others):
(raw ldap):
# user243, People, xxzz.tech
dn: uid=user243,ou=People,dc=xxzz,dc=tech
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
uid: user243
homeDirectory: /home/user243
loginShell: /bin/bash
sambaLogonTime: 0
sambaLogoffTime: 2147483647
gecos: Some User
sambaPwdCanChange: 2147483647
mail: user243 at xxzz.tech
sn: User
cn: Some User
givenName: Some
displayName: Some User
gidNumber: 513
uidNumber: 1177
sambaSID: S-1-5-21-2925918746-2661067204-1764633667-2002
sambaLMPassword: ED84DDFFD9A97C2ECA922D8A7EE0CA0B
sambaAcctFlags: [U]
sambaNTPassword: 079073B583031A7AAE5D5C2D049FC05A
userPassword::
e1NTSEF9TEl6QXB1TEpkNDZ6N1hxWFFiNFhTWUtxbXZKcmMwOTU=
shadowLastChange: 17038
shadowWarning: 4
shadowExpire: 17449
shadowMax: 99999
sambaKickoffTime: 1507597200
sambaPwdLastSet: 1476091342
sambaPwdMustChange: 2147483647
shadowMin: 99999
now, one server (4.2.10) fails, smbclient locally:
SPNEGO login failed: Logon failure
session setup failed: NT_STATUS_LOGON_FAILURE
pdbedit -v ...
Primary group S-1-5-21-2925918746-2661067204-1764633667-513
for user user243 is a UNKNOWN and not a domain group
Forcing Primary Group to 'Domain Users' for user243
..but remaining info gets shown.
Another server (3.6.23-36.el6_8) which is PDC (it's not AD
setup) has no problems whatsoever.
Before you ask for logs, when I do smbclient or pdbedit on
failing (4.2.) server then nothing gets logged, even with
level 10 of debugging.
Only journald logs:
0, pid=37787, effective(0, 0), real(0, 0), class=auth]
../source3/auth/check_samsec.c:494(check_sam_security)
check_sam_security: make_server_info_sam() failed with
'NT_STATUS_INVALID_SID'
Every help most appreciated.
L.
More information about the samba
mailing list