manu Baylac
2008-Jul-27 17:59 UTC
[Samba] Problems to join domain (clients XP send false SID !)
Hi all.

First, sorry for my poor English. I'm using Samba on Debian stable as a PDC with an LDAP backend on a small network.

Sometimes, and I don't know exactly when and why, there's a problem when XP3 clients join the domain (it blocks on the next window just after login while receiving the profile; sorry, I don't know the message in the English version), and this only on 2 physical machines.

The reason is in the logs.

When the login succeeds:

[2008/07/25 14:23:03, 5] auth/auth_util.c:debug_nt_user_token(454)
  NT user token of user S-1-5-21-1992849915-3986077062-2098313537-21044
  contains 8 SIDs
  SID[ 0]: S-1-5-21-1992849915-3986077062-2098313537-21044
  SID[ 1]: S-1-5-21-1992849915-3986077062-2098313537-513
  SID[ 2]: S-1-1-0
  SID[ 3]: S-1-5-2
  SID[ 4]: S-1-5-11
  SID[ 5]: S-1-5-21-1992849915-3986077062-2098313537-1003
  SID[ 6]: S-1-22-2-513
  SID[ 7]: S-1-22-2-10002

But when the login fails, I can see this with the same user:

[2008/07/25 14:26:44, 10] auth/auth_util.c:debug_nt_user_token(454)
  NT user token of user S-1-5-21-1992849915-3986077062-2098313537-501
  contains 4 SIDs
  SID[ 0]: S-1-5-21-1992849915-3986077062-2098313537-501
  SID[ 1]: S-1-1-0
  SID[ 2]: S-1-5-2
  SID[ 3]: S-1-5-32-546

My user is considered a guest !??!!

I've got only 1 server, and the NetBIOS and DNS parameters seem good on the clients. These 2 machines are ACER notebooks installed with Acer CDs. Perhaps something with local strategies?

Any ideas?

Thanks,
Manu
First of all, try to re-join the machine to your domain. Add the machines to a local workgroup (you can assign any name to it), then, after a reboot, try to rejoin the machines to your domain.

If this doesn't help, check user data in the LDAP database:

  id <username>

You should see something like this:

  uid=10001(administrator) gid=512(Domain Admins) groups=512(Domain Admins),513(Domain Users)

Check if the gid is:

  512 for Domain Administrators
  513 for Domain Users
  514 for Domain Guests

This is very important, because Windows determines the primary group based on the group id (for example, if you log in to your domain as the "root" user, you won't get administrator privileges on the local computer, because the group ID for root is always zero).
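The difference between the two log excerpts in the first post can be checked mechanically. The Python below is an added example, not part of either post or of Samba: it parses debug_nt_user_token entries and flags tokens that resolved to the Guest account (RID 501) or carry the BUILTIN\Guests alias (S-1-5-32-546). The function names are hypothetical and the sample log is constructed from the excerpts above.

```python
import re

# Well-known values: RID 501 = Guest account, S-1-5-32-546 = BUILTIN\Guests.
GUEST_RID, BUILTIN_GUESTS = "501", "S-1-5-32-546"

HEADER = re.compile(r"\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*\d+\]\s+"
                    r"auth/auth_util\.c:debug_nt_user_token\(\d+\)")
TOKEN = re.compile(r"NT user token of user (?P<user>S-[\d-]+)\s+"
                   r"contains (?P<n>\d+) SIDs")
SID = re.compile(r"SID\[\s*\d+\]:\s*(S-[\d-]+)")

def parse_tokens(log_text):
    """Return one dict per debug_nt_user_token entry in log_text."""
    tokens = []
    headers = list(HEADER.finditer(log_text))
    for i, h in enumerate(headers):
        # An entry runs from its header to the next header (or end of log).
        end = headers[i + 1].start() if i + 1 < len(headers) else len(log_text)
        body = log_text[h.end():end]
        m = TOKEN.search(body)
        if m:
            sids = SID.findall(body)[:int(m["n"])]
            tokens.append({"time": h["ts"], "user": m["user"], "sids": sids})
    return tokens

def guest_fallbacks(tokens):
    """Tokens owned by RID 501 or carrying the BUILTIN Guests alias."""
    return [t for t in tokens
            if t["user"].rsplit("-", 1)[1] == GUEST_RID
            or BUILTIN_GUESTS in t["sids"]]

# Constructed sample: both entries from the first post, the good one shortened.
DOM = "S-1-5-21-1992849915-3986077062-2098313537"
SAMPLE = f"""\
[2008/07/25 14:23:03, 5] auth/auth_util.c:debug_nt_user_token(454)
  NT user token of user {DOM}-21044
  contains 2 SIDs
  SID[  0]: {DOM}-21044
  SID[  1]: {DOM}-513
[2008/07/25 14:26:44, 10] auth/auth_util.c:debug_nt_user_token(454)
  NT user token of user {DOM}-501
  contains 4 SIDs
  SID[  0]: {DOM}-501
  SID[  1]: S-1-1-0
  SID[  2]: S-1-5-2
  SID[  3]: S-1-5-32-546
"""

if __name__ == "__main__":
    print(guest_fallbacks(parse_tokens(SAMPLE)))
```

The patterns tolerate arbitrary whitespace, so the same functions work on a log that has been flattened onto one line.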