Jason Baker
2007-Jan-19 13:36 UTC
[Samba] Unable to locate SID, possible problem with Idmap?
I am running Samba as a PDC with an LDAP backend and all is working
good, except now I am trying to set up a Samba Domain Member server with
shares on it that will be authenticated via the PDC, but for some reason
it is not working. One interesting thing I notice is that when I run
pdbedit -Lv on the PDC I get results like this:
Unix username: test
NT username: test
Account Flags: [U ]
User SID: S-1-5-21-1194936901-2368177035-684874509-3020
init_group_from_ldap: Entry found for group: 513
ldapsam_getsampwsid: Unable to locate SID
[S-1-5-21-1194936901-2368177035-684874509-513] count=0
init_group_from_ldap: Entry found for group: 513
Primary Group SID: S-1-5-21-1194936901-2368177035-684874509-513
Full Name: Test Account
<snip>
Notice the line /ldapsam_getsampwsid: Unable to locate SID
[S-1-5-21-1194936901-2368177035-684874509-513] count=0, /is that a
problem or is it normal behavior?
I was able to join the Member Server to the domain, but I cannot see the
users and groups from LDAP using getent. I tried setting it up with NSS
and also with Winbind and neither seems to work. Any thoughts?
--
*Jason Baker
*/IT Coordinator/
*Glastender Inc.*
5400 North Michigan Road
Saginaw, Michigan 48604 USA
800.748.0423
Phone: 989.752.4275 ext. 228
Fax: 989.752.4444
www.glastender.com <http://www.glastender.com>
Gerald (Jerry) Carter
2007-Jan-19 14:42 UTC
[Samba] Unable to locate SID, possible problem with Idmap?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jason,> I am running Samba as a PDC with an LDAP backend and all > is working good, except now I am trying to set up a Samba > Domain Member server with shares on it that will be > authenticated via the PDC, but for some reason > it is not working. One interesting thing I notice is > that when I run pdbedit -Lv on the PDC I get results like this: > > Unix username: test > NT username: test > Account Flags: [U ] > User SID: S-1-5-21-1194936901-2368177035-684874509-3020 > init_group_from_ldap: Entry found for group: 513 > ldapsam_getsampwsid: Unable to locate SID > [S-1-5-21-1194936901-2368177035-684874509-513] count=0 > init_group_from_ldap: Entry found for group: 513 > Primary Group SID: S-1-5-21-1194936901-2368177035-684874509-513 > Full Name: Test Account > <snip> > > Notice the line /ldapsam_getsampwsid: Unable to locate SID > [S-1-5-21-1194936901-2368177035-684874509-513] count=0, /is that a > problem or is it normal behavior?It's probably fine if you don't have a mapping for Domain Users.> I was able to join the Member Server to the domain, but I > cannot see the users and groups from LDAP using getent. I > tried setting it up with NSS and also with Winbind and > neither seems to work. Any thoughts?Make sure you updated the schema file and added the new index as described in the release notes. cheers, jerry ====================================================================Samba ------- http://www.samba.org Centeris ----------- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFsNjQIR7qMdg1EfYRAnEmAJ9PRu3wGQFxnpHE2gGV8lV9Xgy+bwCg3JRC 1XmW1CM5h0WOphus40G/5SY=ojm7 -----END PGP SIGNATURE-----