Hello Lads,

The problem could be smbldap-tools; I'm using 0.97. I have manually set the SID on the BDC, which seems to work. I am confused because I thought net rpc getsid stored the SID from the PDC on the BDC in secrets. I wasn't aware that net getlocalsid should return identical results on both PDC & BDC. Please explain this: why isn't the BDC obtaining the SID automatically, as it should, from LDAP?

Sorry for posting this again, but I think people wouldn't take my last topic header seriously. I have spoken in Samba Technical about this issue already and believe it's either a bug with smbldap-tools or a misconfiguration problem on my system; everything is as per the docs. If someone else has a test PDC & BDC, they could try to simulate this problem again.

I have a PDC & BDC / Master & Slave. I regularly make backups of the LDAP database:

slapcat -v -l backupallusers.txt

Both my PDC & BDC have been rebuilt from scratch. I slapadd -v -l backupallusers.txt and I net setlocalsid domainsidhere for the PDC << I get that from the backupallusers.txt.

smbpasswd -w secret   < on both PDC & BDC
net rpc getsid        < on the BDC; Storing domain sid in secrets...

Now net rpc getsid gets the domain SID from the PDC. I then slapadd -v -l backupallusers.txt on the BDC. I create a new test account on the PDC and it replicates to the BDC as expected. The user can log in to a Windows workstation connected to the domain.

However, if I create an account through the BDC, which writes to the master LDAP database, this is different and the user cannot log in to the domain.

****different User SID****

Created on the PDC

[root@node1 ~]# pdbedit -Lv asender
WARNING: The "printer admin" option is deprecated
Unix username: asender
NT username: asender
Account Flags: [U ]
User SID: S-1-5-21-3959433150-537517574-2380176113-3000 <--------------------------------------
Primary Group SID: S-1-5-21-3959433150-537517574-2380176113-513 <------------------------------------
Full Name: System User
Home Directory: \\192.168.0.4\asender
HomeDir Drive: H:
Logon Script: asender.bat
Profile Path: \\192.168.0.4\profiles\asender
Domain: DDESIGN
Account desc: System User
Workstations:
Munged dial:
Logon time: 0
Logoff time: Tue, 19 Jan 2038 14:14:07 EST
Kickoff time: Tue, 19 Jan 2038 14:14:07 EST
Password last set: Sun, 05 Feb 2006 22:42:01 EST
Password can change: Sun, 05 Feb 2006 22:42:01 EST
Password must change: Tue, 19 Jan 2038 14:14:07 EST
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[root@node1 ~]#

Backup Domain Controller

[root@node2 sbin]# ./smbldap-useradd -m -a test20
[root@node2 sbin]# pdbedit -Lv test20
Unix username: test20
NT username: test20
Account Flags: [UX ]
User SID: S-1-5-21-262279049-421990743-3931325934-3036 <--------------------------------------
Primary Group SID: S-1-5-21-3959433150-537517574-2380176113-513 <---------------------------------
Full Name: System User
Home Directory: \\192.168.0.4\test20
HomeDir Drive: H:
Logon Script: test20.bat
Profile Path: \\192.168.0.4\profiles\test20
Domain: DDESIGN
Account desc: System User
Workstations:
Munged dial:
Logon time: 0
Logoff time: Tue, 19 Jan 2038 14:14:07 EST
Kickoff time: Tue, 19 Jan 2038 14:14:07 EST
Password last set: 0
Password can change: 0
Password must change: Tue, 19 Jan 2038 14:14:07 EST
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[root@node2 sbin]#
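
An added example, not part of the original post: a check that reads `pdbedit -Lv` output and lists every account whose User SID does not sit under the expected domain SID, which is the mismatch visible between asender and test20 above. The function names `check_sid_domains` and `sample_pdbedit_output` are hypothetical, and the sample input is trimmed from the two listings in the post.

```shell
#!/bin/sh
# Added example: audit `pdbedit -Lv` output for accounts created under the
# wrong domain SID (for instance by a DC whose local SID was never aligned).

# Reads `pdbedit -Lv` output on stdin; $1 is the expected domain SID.
# Prints "<username> <user SID>" for each mismatch, exits 1 if any are found.
check_sid_domains() {
    awk -v want="$1" '
        /^Unix username:/ { user = $NF }
        /^User SID:/ {
            sid = $NF
            dom = sid
            sub(/-[0-9]+$/, "", dom)      # drop the trailing RID
            if (dom != want) { print user " " sid; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# Sample input: the relevant lines of the two listings in the post.
sample_pdbedit_output() {
    cat <<'EOF'
Unix username: asender
NT username: asender
User SID: S-1-5-21-3959433150-537517574-2380176113-3000
Primary Group SID: S-1-5-21-3959433150-537517574-2380176113-513
Unix username: test20
NT username: test20
User SID: S-1-5-21-262279049-421990743-3931325934-3036
Primary Group SID: S-1-5-21-3959433150-537517574-2380176113-513
EOF
}

# Domain SID of the PDC-created account in the post.
DOMAIN_SID="S-1-5-21-3959433150-537517574-2380176113"

sample_pdbedit_output | check_sid_domains "$DOMAIN_SID" \
    || echo "accounts above are outside $DOMAIN_SID"
```

On a live system the same function can be fed from `pdbedit -Lv` directly, with the domain SID taken from the PDC.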