C.Lee Taylor
2004-Feb-09 17:03 UTC
[Samba] primary gid of user [desires] is not a Domain group !
Greetings ...
I hope somebody can explain this to me, or give me a help to fix
this problem ...
On my Samba server ( 3.0.2rc2 ) I am getting ...
Feb 9 17:31:21 eastrand smbd[2113]: [2004/02/09 17:31:21, 0]
rpc_server/srv_pipe.c:api_pipe_netsec_process(1371)
Feb 9 17:31:21 eastrand smbd[2113]: failed to decode PDU
Feb 9 17:31:21 eastrand smbd[2113]: [2004/02/09 17:31:21, 0]
rpc_server/srv_pipe_hnd.c:process_request_pdu(605)
Feb 9 17:31:21 eastrand smbd[2113]: process_request_pdu: failed to do
schannel processing.
Feb 9 17:31:26 eastrand smbd[2113]: [2004/02/09 17:31:26, 0]
rpc_server/srv_util.c:get_domain_user_groups(372)
Feb 9 17:31:26 eastrand smbd[2113]: get_domain_user_groups: primary
gid of user [desires] is not a Domain group !
Feb 9 17:31:26 eastrand smbd[2113]: get_domain_user_groups: You
should fix it, NT doesn't like that
But if I do ...
[root@eastrand root]# pdbedit -L -v -u desires
Unix username: desires
NT username: desires
Account Flags: [UX ]
User SID: S-1-5-21-3795178988-3942151060-2329322268-44008
Primary Group SID: S-1-5-21-3795178988-3942151060-2329322268-513
Full Name: Desire Steyn
Home Directory: \\eastrand\desires
HomeDir Drive: l:
Logon Script: login.bat
Profile Path: \\eastrand\desires\profile
Domain: XXXXX-ZA-DM
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Fri, 13 Dec 1901 22:45:51 GMT
Kickoff time: Fri, 13 Dec 1901 22:45:51 GMT
Password last set: Thu, 13 Feb 2003 13:24:06 GMT
Password can change: 0
Password must change: Fri, 13 Dec 1901 22:45:51 GMT
[root@eastrand root]#
Now I have an LDAP passdb, and I have done a
[root@eastrand root]# net groupmap list
Domain Users (S-1-5-21-3795178988-3942151060-2329322268-513) -> ntusers
Domain Computers (S-1-5-21-3795178988-3942151060-2329322268-515) -> machines
Domain Admins (S-1-5-21-3795178988-3942151060-2329322268-512) -> ntadmin
Domain Guests (S-1-5-21-3795178988-3942151060-2329322268-514) -> nobody
And
[root@eastrand root]# getent passwd |grep -i des
desires:x:21504:10000:Desire:/home/users/desires:/sbin/nologin
Has anyone got an idea of what I am missing ...
Mailed
Lee
C.Lee Taylor
2004-Feb-16 18:02 UTC
[Samba] primary gid of user [desires] is not a Domain group !
Wendell Wilson wrote:> Precisely the same thing is happening to me! There have been a couple > other threads with others having more or less the same problem... but > I haven't seen any fixes that work for me, yet. > > I have 3.0.1, at the moment. Did you upgrade from 2.2.x? or from an > earlier version of 3.x? Or did this just start out of the blue? I am > not using LDAP, at this point, or even winbind to handle user/group > mappings. What sort of setup do you have?Currently using 3.0.2, at least the ones FC1 just shiped over the weekend ... I did a clean installation and converted my LDAP ldif file to from Samba2 to Samba3 ... I have made all sorts of changes and can't get this to go away, so I don't know what the problem is ... At first I through that my posix accounts primary gid how to be mapped to an NT one, then I modified the Primary SID for each users and still got it ... so I really don't know ... Mailed Lee> > Wendell > > C.Lee Taylor wrote: > >> Greetings ... >> >> I hope somebody can explain this to me, or give me a help to fix >> this problem ... >> >> On my Samba server ( 3.0.2rc2 ) I am getting ... >> >> Feb 9 17:31:21 eastrand smbd[2113]: [2004/02/09 17:31:21, 0] >> rpc_server/srv_pipe.c:api_pipe_netsec_process(1371) >> Feb 9 17:31:21 eastrand smbd[2113]: failed to decode PDU >> Feb 9 17:31:21 eastrand smbd[2113]: [2004/02/09 17:31:21, 0] >> rpc_server/srv_pipe_hnd.c:process_request_pdu(605) >> Feb 9 17:31:21 eastrand smbd[2113]: process_request_pdu: failed to >> do schannel processing. >> Feb 9 17:31:26 eastrand smbd[2113]: [2004/02/09 17:31:26, 0] >> rpc_server/srv_util.c:get_domain_user_groups(372) >> Feb 9 17:31:26 eastrand smbd[2113]: get_domain_user_groups: >> primary gid of user [desires] is not a Domain group ! >> Feb 9 17:31:26 eastrand smbd[2113]: get_domain_user_groups: You >> should fix it, NT doesn't like that >> >> But if I do ... >> >> [root@eastrand root]# pdbedit -L -v -u desires >> Unix username: desires >> NT username: desires >> Account Flags: [UX ] >> User SID: S-1-5-21-3795178988-3942151060-2329322268-44008 >> Primary Group SID: S-1-5-21-3795178988-3942151060-2329322268-513 >> Full Name: Desire Steyn >> Home Directory: \\eastrand\desires >> HomeDir Drive: l: >> Logon Script: login.bat >> Profile Path: \\eastrand\desires\profile >> Domain: XXXXX-ZA-DM >> Account desc: >> Workstations: >> Munged dial: >> Logon time: 0 >> Logoff time: Fri, 13 Dec 1901 22:45:51 GMT >> Kickoff time: Fri, 13 Dec 1901 22:45:51 GMT >> Password last set: Thu, 13 Feb 2003 13:24:06 GMT >> Password can change: 0 >> Password must change: Fri, 13 Dec 1901 22:45:51 GMT >> [root@eastrand root]# >> >> Now I have an LDAP passdb, and I have done a >> [root@eastrand root]# net groupmap list >> Domain Users (S-1-5-21-3795178988-3942151060-2329322268-513) -> ntusers >> Domain Computers (S-1-5-21-3795178988-3942151060-2329322268-515) -> >> machines >> Domain Admins (S-1-5-21-3795178988-3942151060-2329322268-512) -> ntadmin >> Domain Guests (S-1-5-21-3795178988-3942151060-2329322268-514) -> nobody >> >> And >> >> [root@eastrand root]# getent passwd |grep -i des >> desires:x:21504:10000:Desire:/home/users/desires:/sbin/nologin >> >> Has anyone got an idea of what I am missing ... >> >> Mailed >> Lee >> >> > > >
C.Lee Taylor
2004-Feb-18 15:07 UTC
[Samba] primary gid of user [desires] is not a Domain group !
Greetings ...
Let's keep the list in on this, other people might be able to get
info from this too ...
Wendell Wilson wrote:
> Still more clues! Partially 'fixed.'
Okay ...
> doing ` net rpc user -S <domain name> info <user name> `
I can't get this to work ... it just does not return any thing, so I
tried a few other things, which also did not give me anything, but ...
[root@nasrec root]# net rpc info
Domain Name: XXXXX-ZA-DM
Domain SID: S-1-5-21-3795178988-3942151060-2329322268
Sequence number: 1077004228
Num users: 159
Num domain groups: 0
Num local groups: 0
Which is wierd, showing that I have no groups ... but my net
groupmap list shows four maps, why would I not have any groups ...
> I see that bob only belongs to only Domain Users. Yet, doing pdbedit
> -L -v -u bob ... shows the primary GID that matches the GID when I do
> `net groupmap list ` (same as you).
>
> Then, I ran ` pdbedit -u bob --group SID=" < domain admins SID >
" `
> ... and the net rpc command shows the user belongs to both groups.
Just to be correct, it would be `pdbedit -r -u bob --group SID=" <
domain admins SID > "`, you should not forget the '-r' when
modifing ...
> I am no longer getting the 'nt doesn't like it / fix it'
message in my
> logs, but I still see the 'failed to decode PDU' message and
'failed
> to do schannel1 processing' when the user logs in.
I went through my LDAP DB and manual fixed all the funny RID's for
the Primary Group SID, but I am still seeing my "fix P G SID" error
...
> Does this help you any?
A little, I am looking further into this ...
> If so, do you still get the PDU messages when someone logs in?
Still, but not as much as before, will keep an eye open on this ...
>>>> Feb 9 17:31:21 eastrand smbd[2113]: [2004/02/09 17:31:21, 0]
>>>> rpc_server/srv_pipe.c:api_pipe_netsec_process(1371)
>>>> Feb 9 17:31:21 eastrand smbd[2113]: failed to decode PDU
>>>> Feb 9 17:31:21 eastrand smbd[2113]: [2004/02/09 17:31:21, 0]
>>>> rpc_server/srv_pipe_hnd.c:process_request_pdu(605)
>>>> Feb 9 17:31:21 eastrand smbd[2113]: process_request_pdu:
failed
>>>> to do schannel processing.
>>>> Feb 9 17:31:26 eastrand smbd[2113]: [2004/02/09 17:31:26, 0]
>>>> rpc_server/srv_util.c:get_domain_user_groups(372)
>>>> Feb 9 17:31:26 eastrand smbd[2113]: get_domain_user_groups:
>>>> primary gid of user [desires] is not a Domain group !
>>>> Feb 9 17:31:26 eastrand smbd[2113]: get_domain_user_groups:
You
>>>> should fix it, NT doesn't like that
>>>>
>>>> But if I do ...
>>>>
>>>> [root@eastrand root]# pdbedit -L -v -u desires
>>>> Unix username: desires
>>>> NT username: desires
>>>> Account Flags: [UX ]
>>>> User SID:
S-1-5-21-3795178988-3942151060-2329322268-44008
>>>> Primary Group SID:
S-1-5-21-3795178988-3942151060-2329322268-513
>>>> Full Name: Desire Steyn
>>>> Home Directory: \\eastrand\desires
>>>> HomeDir Drive: l:
>>>> Logon Script: login.bat
>>>> Profile Path: \\eastrand\desires\profile
>>>> Domain: XXXXX-ZA-DM
>>>> Account desc:
>>>> Workstations:
>>>> Munged dial:
>>>> Logon time: 0
>>>> Logoff time: Fri, 13 Dec 1901 22:45:51 GMT
>>>> Kickoff time: Fri, 13 Dec 1901 22:45:51 GMT
>>>> Password last set: Thu, 13 Feb 2003 13:24:06 GMT
>>>> Password can change: 0
>>>> Password must change: Fri, 13 Dec 1901 22:45:51 GMT
>>>> [root@eastrand root]#
>>>>
>>>> Now I have an LDAP passdb, and I have done a
>>>> [root@eastrand root]# net groupmap list
>>>> Domain Users (S-1-5-21-3795178988-3942151060-2329322268-513)
->
>>>> ntusers
>>>> Domain Computers
(S-1-5-21-3795178988-3942151060-2329322268-515) ->
>>>> machines
>>>> Domain Admins (S-1-5-21-3795178988-3942151060-2329322268-512)
->
>>>> ntadmin
>>>> Domain Guests (S-1-5-21-3795178988-3942151060-2329322268-514)
->
>>>> nobody
>>>>
>>>> And
>>>>
>>>> [root@eastrand root]# getent passwd |grep -i des
>>>> desires:x:21504:10000:Desire:/home/users/desires:/sbin/nologin
>>>