Re: [Samba] Samba 3.6.6 - Debian 7
Hi Marco,
I use Samba + Ldapas a domain controller but after the update the
version of Debian6 to Debain 7I can't authenticate my users in the Samba
server.
logs:
[2013/05/23 08:29:55.811240, 1] auth/server_info.c:386(samu_to_SamInfo3)
The primary group domain
sid(S-1-5-21-3651478259-4121578499-3132057975-513) does not match the
domain sid(S-1-5-21-3182595135-1874831366-4239877494) for
user(S-1-5-21-3182595135-1874831366-4239877494-60012)
[2013/05/23 08:29:55.811383, 0]
auth/check_samsec.c:491(check_sam_security)
check_sam_security: make_server_info_sam() failed with
'NT_STATUS_UNSUCCESSFUL'
# net getlocalsid
SID for domain ROCKY is: S-1-5-21-2260219023-4180104146-1160048873
# net getdomainsid
SID for local machine ROCKY is: S-1-5-21-2260219023-4180104146-1160048873
SID for domain PRINTERRESERVA is: S-1-5-21-3651478259-4121578499-3132057975
#pdbedit -v user
User SID: S-1-5-21-3182595135-1874831366-4239877494-60012
Primary Group SID: S-1-5-21-3651478259-4121578499-3132057975-513
You user SID is composed of the domain SID (ie
S-1-5-21-3182595135-1874831366-4239877494-60012), which is the same for
all users and groups of a domain, and the end part which is the user RID
(relative ID) -60012.
Same thing for your group SID.
So you can see here that the domain SID part of the user SID is not the
same as the domain SID S-1-5-21-3651478259-4121578499-3132057975. That
is what your debug log message basically says. I don't think that it is
just a squeeze to wheezy upgrade that would have messed'up that much
with you ldap entries. You should double check your ldap.
And take a look at samba4, it is much easier to setup and manage.
Cheers,
Denis
Thanks,
Marcos.
--
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr
Reply to: