Chris Mason
2003-Apr-02 23:14 UTC
[Samba] no mapping between account names and security ids was done
I use a openLDAP database for authentication on my Redhat 7.2 server. The domain is "HOME". I have had no problem adding trust accounts and authenticating against it. Today I had to change the name of my Win2K workstation from poseiden to poseiden1 for compatibility with a package I am testing. Once I changed it and put in a new trust account, I could not rejoin the domain. I gave up and changed the name back. As I had deleted the trust account for poseiden, I made a new one with smbldap-useradd -w poseiden I still cannot get the machine to join the domain, I get no mapping between account names and security ids was done when I try. Tailing /var/log/samba/poseiden.log [2003/04/02 19:06:18, 2] passdb/pdb_ldap.c:ldap_connect_system(250) ldap_connect_system: succesful connection to the LDAP server [2003/04/02 19:06:18, 2] passdb/pdb_ldap.c:ldap_search_one_user(262) ldap_search_one_user: searching for:[(&(uid=poseiden1$)(objectclass=sambaAccount))] [2003/04/02 19:06:18, 0] passdb/pdb_ldap.c:pdb_getsampwnam(858) LDAP search "(&(uid=poseiden1_)(objectclass=sambaAccount))" returned 0 entries. [2003/04/02 19:06:18, 0] rpc_server/srv_netlog_nt.c:get_md4pw(176) get_md4pw: Workstation poseiden1$: no account in domain [2003/04/02 19:06:18, 2] smbd/server.c:exit_server(461) Closing connections Chris Mason masonc@masonc.com Box 340, The Valley, Anguilla, British West Indies Tel: 264 497 5670 Fax: 264 497 8463 Cell: 264 235 5670 http://www.anguillaguide.com/ The Anguilla Guide Talk to me in real time: Yahoo:netconcepts_anguilla US Fax and Voicemail: (815)301-9759
Bas Goes
2003-Apr-03 07:30 UTC
[Samba] no mapping between account names and security ids was done
On Thu, 2003-04-03 at 06:23, lists@masonc.com wrote:> Date: Wed, 2 Apr 2003 19:14:37 -0400 > From: "Chris Mason" <lists@masonc.com> > To: <samba@lists.samba.org> > Subject: [Samba] no mapping between account names and security ids wasdone> Message-ID: <000601c2f96d$a1630d90$7300a8c0@mason.home> > Content-Type: text/plain; > charset="us-ascii" > MIME-Version: 1.0 > Content-Transfer-Encoding: 7bit > Precedence: list > Message: 44 > Tailing /var/log/samba/poseiden.log > > [2003/04/02 19:06:18, 2] passdb/pdb_ldap.c:ldap_connect_system(250) > ldap_connect_system: succesful connection to the LDAP server > [2003/04/02 19:06:18, 2] passdb/pdb_ldap.c:ldap_search_one_user(262) > ldap_search_one_user: searching > for:[(&(uid=poseiden1$)(objectclass=sambaAccount))] > [2003/04/02 19:06:18, 0] passdb/pdb_ldap.c:pdb_getsampwnam(858) > LDAP search "(&(uid=poseiden1_)(objectclass=sambaAccount))" returned0> entries. > [2003/04/02 19:06:18, 0] rpc_server/srv_netlog_nt.c:get_md4pw(176) > get_md4pw: Workstation poseiden1$: no account in domain > [2003/04/02 19:06:18, 2] smbd/server.c:exit_server(461) > Closing connectionsHave you tried querying your ldap database? ldapsearch -x -W -D "<admin account>" -b "<searchbase>" "(&(uid=poseiden1_)(objectclass=sambaAccount))" or something like that or do a slapcat > ldapdir.tmp en search for uid=poseidon1$ in there. If it ain't there you can try making it by hand, the passwords are the machinename afaik. If it is there it could be that it has to do with your machine sid, this is just a suggestion I don't know much about SID stuff. Try some googling on secrets.tdb or just throw secrets.tdb away if it's just a test setup, it's in /var/lib/samba or /var/samba. Hope this is helpfull, I have had similar error messages in winxp for some time but with me someone pointed me at nss not looking in the right ldapbase, but that's not your problem, i just mentioned it for people searching the sambalist history. Regards Bas PS: my apologees for the the first message
Christopher Barry
2003-Apr-03 12:09 UTC
[Samba] no mapping between account names and security ids was done
On Wed, 2003-04-02 at 18:14, Chris Mason wrote:> I use a openLDAP database for authentication on my Redhat 7.2 server. The > domain is "HOME". I have had no problem adding trust accounts and > authenticating against it. > Today I had to change the name of my Win2K workstation from poseiden to > poseiden1 for compatibility with a package I am testing. Once I changed it > and put in a new trust account, I could not rejoin the domain. > I gave up and changed the name back. As I had deleted the trust account for > poseiden, I made a new one with > smbldap-useradd -w poseiden > I still cannot get the machine to join the domain, I get > > no mapping between account names and security ids was done > > when I try. > > Tailing /var/log/samba/poseiden.log > > [2003/04/02 19:06:18, 2] passdb/pdb_ldap.c:ldap_connect_system(250) > ldap_connect_system: succesful connection to the LDAP server > [2003/04/02 19:06:18, 2] passdb/pdb_ldap.c:ldap_search_one_user(262) > ldap_search_one_user: searching > for:[(&(uid=poseiden1$)(objectclass=sambaAccount))] > [2003/04/02 19:06:18, 0] passdb/pdb_ldap.c:pdb_getsampwnam(858) > LDAP search "(&(uid=poseiden1_)(objectclass=sambaAccount))" returned 0 > entries. > [2003/04/02 19:06:18, 0] rpc_server/srv_netlog_nt.c:get_md4pw(176) > get_md4pw: Workstation poseiden1$: no account in domain > [2003/04/02 19:06:18, 2] smbd/server.c:exit_server(461) > Closing connections > > > > > > Chris Mason > masonc@masonc.com > Box 340, The Valley, Anguilla, British West Indies > Tel: 264 497 5670 Fax: 264 497 8463 Cell: 264 235 5670 > http://www.anguillaguide.com/ The Anguilla Guide > Talk to me in real time: > Yahoo:netconcepts_anguilla > US Fax and Voicemail: (815)301-9759Could the fact that the old name has eight characters and the new one has nine play a role? Just wondering if their may be some char limit. -- Christopher Barry <cbarry@infiniconsys.com>