[Samba] The primary group domain sid(...) does not match the domain sid(.) for user(...)

Ryan rlichtenwalter at gmail.com
Wed Jul 31 16:04:18 UTC 2019


Also, "force group" works just fine, not resulting in the same issue, but
the groups do not exist in the AD, whereas the usernames do. Also, whether
"force user" is set with <user> or DOMAIN\<user>, I still have the same
problem.

On Wed, Jul 31, 2019 at 11:58 AM Ryan <rlichtenwalter at gmail.com> wrote:

> I have a domain member server running totally separate authorization
> against an LDAP server independent of the domain.
>
> Refer to the email chain "[Samba] WBC_ERR_DOMAIN_NOT_FOUND error with
> RFC2307" for more details if necessary.
>
> All user and group authentication against the AD server works correctly,
> and all user and group authorization using the LDAP server works correctly
> with my custom script, the brief and simple source of which is included
> above. For shares that use "force user", however, users are not authorized
> correctly, and I get an error such as "The primary group domain sid(...)
> does not match the domain sid(.) for user(...)". This occurs even if the
> connecting user is the same as the user defined by "force user" and in
> cases where the connecting user would otherwise be able to access the share.
>
> Why is this happening? How can I correct this?
>
> Ryan
>

