samba - Mar 2006 - getlocalsid: adding domain info...failed

I am trying to integrate Fedora Directory Server (1.0.1) and Samba (3.0.10)
on RHEL ES4.

When I execute "net getlocalsid" I get the following:

[2006/03/07 17:55:29, 0] lib/smbldap.c:smbldap_search_domain_info(1392)
  Adding domain info for WORKGROUP failed with NT_STATUS_UNSUCCESSFUL
SID for domain RHELES4RS1 is: S-1-5-21-807157010-1821471989-4121009367

My workgroup is currently set to workgroup and I can perform an ldapsearch.

I saw one refernce on the web to ignore this, but I was skeptical.

What could be causing this error?

The output of my testparm is below.

Thanks,
-Mont

Load smb config files from /etc/samba/smb.conf
Processing section "[netlogon]"
Processing section "[profiles]"
Processing section "[homes]"
Processing section "[printers]"
Processing section "[repository]"
Processing section "[root directory]"
Loaded services file OK.
WARNING: You have some share names that are longer than 12 characters.
These may not be accessible to some older clients.
(Eg. Windows9x, WindowsMe, and smbclient prior to Samba 3.0.)
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions
# Global parameters
[global]
    server string = rheles4rs1
    password server = None
    passdb backend = ldapsam:ldap://rheles4rs1.forayadams.foray.com:3911
    username map = /etc/samba/smbusers
    log file = /var/log/%m.log
    max log size = 50
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    printcap name = /etc/printcap
    logon path = \\%L\profiles\%u
    logon drive = H:
    logon home = \\%L\%u\profiles
    domain logons = Yes
    os level = 33
    preferred master = Yes
    domain master = Yes
    dns proxy = No
    wins support = Yes
    ldap admin dn = cn=Directory Manager
    ldap group suffix = ou=Groups
    ldap machine suffix = ou=Computers
    ldap suffix = dc=forayadams,dc=foray,dc=com
    ldap user suffix = ou=People
    idmap uid = 16777216-33554431
    idmap gid = 16777216-33554431
    cups options = raw

[netlogon]
    path = /var/lib/samba/netlogon
    browseable = No

[profiles]
    path = /var/lib/samba/profiles
    read only = No
    create mask = 0600
    directory mask = 0700

[homes]
    comment = Home Directories
    read only = No
    browseable = No

[printers]
    comment = All Printers
    path = /var/spool/samba
    printable = Yes
    browseable = No

[repository]
    path = /repository
    valid users = testadmin, testuser
    read only = No

I figured this out, in case anyone else comes across it.  The problem was
with the conversion of the samba schema.  Fedora has a bug:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=170791


The conversion script pointed to by:

http://directory.fedora.redhat.com/wiki/Howto:Samba

is out-of-date.  A newer version, that works around this bug can be found
at:

http://www.netauth.com/~jacksonm/ldap/ol-schema-migrate.pl

-Mont


On 3/7/06, Mont Rothstein <mont.rothstein@gmail.com>
wrote:
>
> I am trying to integrate Fedora Directory Server (1.0.1) and Samba (3.0.10)
> on RHEL ES4.
>
> When I execute "net getlocalsid" I get the following:
>
> [2006/03/07 17:55:29, 0] lib/smbldap.c:smbldap_search_domain_info(1392)
>   Adding domain info for WORKGROUP failed with NT_STATUS_UNSUCCESSFUL
> SID for domain RHELES4RS1 is: S-1-5-21-807157010-1821471989-4121009367
>
> My workgroup is currently set to workgroup and I can perform an
> ldapsearch.
>
> I saw one refernce on the web to ignore this, but I was skeptical.
>
> What could be causing this error?
>
> The output of my testparm is below.
>
> Thanks,
> -Mont
>
> Load smb config files from /etc/samba/smb.conf
> Processing section "[netlogon]"
> Processing section "[profiles]"
> Processing section "[homes]"
> Processing section "[printers]"
> Processing section "[repository]"
> Processing section "[root directory]"
> Loaded services file OK.
> WARNING: You have some share names that are longer than 12 characters.
> These may not be accessible to some older clients.
> (Eg. Windows9x, WindowsMe, and smbclient prior to Samba 3.0.)
> Server role: ROLE_DOMAIN_PDC
> Press enter to see a dump of your service definitions
> # Global parameters
> [global]
>     server string = rheles4rs1
>     password server = None
>     passdb backend = ldapsam:ldap://rheles4rs1.forayadams.foray.com:3911
>     username map = /etc/samba/smbusers
>     log file = /var/log/%m.log
>     max log size = 50
>     socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>     printcap name = /etc/printcap
>     logon path = \\%L\profiles\%u
>     logon drive = H:
>     logon home = \\%L\%u\profiles
>     domain logons = Yes
>     os level = 33
>     preferred master = Yes
>     domain master = Yes
>     dns proxy = No
>     wins support = Yes
>     ldap admin dn = cn=Directory Manager
>     ldap group suffix = ou=Groups
>     ldap machine suffix = ou=Computers
>     ldap suffix = dc=forayadams,dc=foray,dc=com
>     ldap user suffix = ou=People
>     idmap uid = 16777216-33554431
>     idmap gid = 16777216-33554431
>     cups options = raw
>
> [netlogon]
>     path = /var/lib/samba/netlogon
>     browseable = No
>
> [profiles]
>     path = /var/lib/samba/profiles
>     read only = No
>     create mask = 0600
>     directory mask = 0700
>
> [homes]
>     comment = Home Directories
>     read only = No
>     browseable = No
>
> [printers]
>     comment = All Printers
>     path = /var/spool/samba
>     printable = Yes
>     browseable = No
>
> [repository]
>     path = /repository
>     valid users = testadmin, testuser
>     read only = No
>
>