[Samba] Samba v3 works with LDAP, but not Samba v4

Harry Jede walk2sun at arcor.de
Fri Oct 19 09:37:25 UTC 2018


On Tuesday, 16 October 2018, 20:20:49 CEST, Emil Henry via samba wrote:
> Hi Andrew!
> 
> I am not 100% sure that the password is correct. I was told that it
> was changed to the one I am testing.
To be unsure is bad in our business.

There may be three passwords stored in ldap for a regular user.


> But, when I try the old
> password, I get a different error message (NT_STATUS_INVALID_SID).
I assume that your server was working before you upgraded to 4.7.1.

Until now we don't know if the admin password is correct, so we use 
anonymous bind for ldap.


Invalid SID happens often on upgrading. If for any reason, i.e. wrong ldap 
admin password, smbd can not read ldap db.

TRY:
# ldapsearch -xLLL 'sambadomainname=*' sambaDomainName sambaSID
dn: sambaDomainName=SCHULE,dc=afrika,dc=xx
sambaDomainName: SCHULE
sambaSID: S-1-5-21-1507708399-2130971284-2230424465

This SID is your domain SID. Compare it with the SID samba uses:
# net getdomainsid
SID for local machine ALIX is: S-1-5-21-1507708399-2130971284-2230424465
SID for domain SCHULE is: S-1-5-21-1507708399-2130971284-2230424465

You may wish to verify your account SIDs:
# ldapsearch -xLLL 'sambasid=S-1-5-21*' sambaSID|less


"man net" will give you the command to reset the domain sid to the old 
one.

> I will attach the output.
> 
> I added the 'ntlm auth = yes' to the smb.conf. How would I change the
> client?
> 
> The version of Samba that we are running is 4.7.1, which is the latest
> version that is available in the yum repository.
> 
> Thanks.


-- 

Regards
	Harry Jede
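
The SID comparison described in the mail above, as an added example that is not part of the original message or of Samba itself: it checks that LDAP and `net getdomainsid` agree on the domain SID and lists account SIDs that do not fall under it. The function names are hypothetical and the account entries in the sample data are constructed; only the domain SID and command lines come from the mail.

```shell
#!/bin/sh
# Added example. On a live server feed the functions from the mail's commands:
#   ldapsearch -xLLL 'sambadomainname=*' sambaDomainName sambaSID
#   net getdomainsid
#   ldapsearch -xLLL 'sambasid=S-1-5-21*' sambaSID

# Print every sambaSID value found in LDIF read from stdin.
ldif_sids() {
    awk -F': ' 'tolower($1) == "sambasid" { print $2 }'
}

# Print the domain SID from `net getdomainsid` output on stdin.
# Lines are joined first, so a SID wrapped onto the next line is still found.
net_domain_sid() {
    { tr '\n' ' '; echo; } |
        sed -n 's/.*SID for domain [^ ]* is: *\(S-[0-9-]*\).*/\1/p'
}

# Print account SIDs (stdin, one per line) that are not under domain SID $1.
foreign_sids() {
    awk -v dom="$1-" 'index($0, dom) != 1 { print }'
}

# $1 = domain LDIF, $2 = net getdomainsid output, $3 = account LDIF.
# Returns 0 = consistent, 1 = domain SID mismatch, 2 = foreign account SIDs.
check_sids() {
    ldap_sid=$(printf '%s\n' "$1" | ldif_sids | head -n 1)
    samba_sid=$(printf '%s\n' "$2" | net_domain_sid)
    if [ -z "$ldap_sid" ] || [ "$ldap_sid" != "$samba_sid" ]; then
        echo "MISMATCH: ldap='$ldap_sid' samba='$samba_sid'"; return 1
    fi
    foreign=$(printf '%s\n' "$3" | ldif_sids | foreign_sids "$ldap_sid")
    if [ -n "$foreign" ]; then
        echo "account SIDs outside $ldap_sid:"; echo "$foreign"; return 2
    fi
    echo "OK: domain SID $ldap_sid"
}

# Constructed sample data: domain SID from the mail, account entries made up.
SAMPLE_DOMAIN_LDIF='dn: sambaDomainName=SCHULE,dc=afrika,dc=xx
sambaDomainName: SCHULE
sambaSID: S-1-5-21-1507708399-2130971284-2230424465'
SAMPLE_NET='SID for local machine ALIX is: S-1-5-21-1507708399-2130971284-2230424465
SID for domain SCHULE is: S-1-5-21-1507708399-2130971284-2230424465'
SAMPLE_ACCOUNTS='dn: uid=alice,ou=people,dc=afrika,dc=xx
sambaSID: S-1-5-21-1507708399-2130971284-2230424465-3000

dn: uid=bob,ou=people,dc=afrika,dc=xx
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3002'

check_sids "$SAMPLE_DOMAIN_LDIF" "$SAMPLE_NET" "$SAMPLE_ACCOUNTS" || true
```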

