Hello

When a Windows XP workstation joins a domain through the Windows GUI parameters, the LDAP machine attributes are not filled in correctly:

- No attribute sambaprimarygroupsid (before, there was one terminated by 515)
- rid (of sambasid) is not equal to 2*uid+1000

If I create a user, rid (sambasid) equals 2*uid + 1000 (and sambaprimarygroupsid terminated by 513).

All the other samba attributes are ok.

Same problem if I use "smbldap-useradd -w" before joining the domain: Posix attributes are created by "smbldap-useradd -w", and samba attributes are created the first time the workstation joins the domain, always with a bad sambasid and without sambaprimarygroupsid.

Same problem if I use "net join" on a linux smbclient with winbind.

In all cases, my workstation is connected to the domain, and the user can use it.

I didn't change my config, I didn't modify the idealx tools. I think the problem has existed since the 3.0.23c-1 update in September. I know my computers that joined the domain before the samba 3.0.23c-1 update (debian apt-get) are ok, with sambaprimarygroupsid present and a valid sambasid (rid = 2*uid + 1000).

I have 2 domains with the same problem.

My config:

- Server:
  samba 3.0.23d-4 on debian testing, with daily updates
  smbldap-tools 0.9.2-3
- smb.conf:
  add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
- workstation:
  windows xp sp2
  windows 2000 sp4
  kdm on debian with smbclient and winbind

Thank you very much

Best regards

--
Emmanuel musso
technicien informatique
I.U.T. Paul Sabatier
Dépt Génie Électrique 0562258241
Service informatique 0562258025

On Monday 05 February 2007 at 09:45 +0100, emmanuel musso wrote:
> Hello
>
> When a windows xp workstation join a domain, by windows gui parameters, ldap
> machine attributes are not filled correctly:
>
> - No attribute sambaprimarygroupsid (before, there was one terminated by 515)

AFAIK, the gid number of a computer/user account entry is now used to determine its primary group SID (if sambaPrimaryGroupSID is not set).

> - rid (of sambasid) is not equal a 2*uid+1000
>
> If i create a user, rid (sambasid) equal a 2*uid + 1000 (and sambaprimarygroupsid
> terminated by 513)
>
> All the others samba attributes are ok
> Same problem if i use "smbldap-useradd -w" before joining the domain; Posix
> attributes are created by "smbldap-useradd -w", and samba attributes are
> created the first time workstation join the domain, always with bad sambasid
> and without sambaprimarygroupsid.
>
> Same problem if i use "net join" on a linux smbclient with winbind
>
> In all cases, my workstation is connected to the domain, and user can use it.
>
> I didn't change my config, i didn't modify idealx tools. I think the problem
> exists since 3.0.23c-1 update in month september. I know my computers who joined
> the domain before samba 3.0.23c-1 update (debian apt-get) are ok, with
> sambaprimarygroupsid present, and valid sambasid
> (rid = 2* uid + 1000).
> I have 2 Domain with the same problem

I have one domain that also showed this behaviour (samba 3.0.23d), and another that works « like before ».

It looks like SAMBA was using the sambaNextRid field from the sambaDomainName entry to build the SAMBA SID of the computer accounts, but I don't know why.

Regards,

--
Cedric Delfosse
Linbox / Free&ALter Soft
152, rue de Grigy - Technopole Metz
57070 METZ - FRANCE
tel: +33 (0)3 87 50 87 90
http://linbox.com
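
Added example, not part of either message in this thread: a small audit that reads an LDIF export of the account entries and reports the two symptoms discussed above, a sambaSID whose RID is not 2*uidNumber+1000 and a missing sambaPrimaryGroupSID. The sample entries, domain SID and DNs are constructed placeholders, and the parser assumes unfolded, non-base64 LDIF.

```python
# Constructed sample LDIF (placeholder domain SID and DNs), not data from the thread.
SAMPLE_LDIF = """\
dn: uid=ws-old$,ou=Computers,dc=example,dc=org
objectClass: sambaSamAccount
uid: ws-old$
uidNumber: 1005
gidNumber: 515
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3010
sambaPrimaryGroupSID: S-1-5-21-1111111111-2222222222-3333333333-515

dn: uid=ws-new$,ou=Computers,dc=example,dc=org
objectClass: sambaSamAccount
uid: ws-new$
uidNumber: 1006
gidNumber: 515
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-1047
"""
RID_BASE = 1000  # the thread's formula: rid = 2 * uid + 1000

def parse_ldif(text):
    """Yield {attribute: [values]} per entry; assumes unfolded, non-base64 LDIF."""
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if sep and not key.startswith("#"):
                entry.setdefault(key.lower(), []).append(value.strip())
        if entry:
            yield entry

def audit(text):
    """Return {uid: [findings]} for sambaSamAccount entries showing either symptom."""
    report = {}
    for e in parse_ldif(text):
        classes = [c.lower() for c in e.get("objectclass", [])]
        if "sambasamaccount" not in classes or "uidnumber" not in e or "sambasid" not in e:
            continue
        findings = []
        rid = int(e["sambasid"][0].rsplit("-", 1)[1])
        expected = 2 * int(e["uidnumber"][0]) + RID_BASE
        if rid != expected:
            findings.append(f"RID {rid} != 2*uidNumber+{RID_BASE} ({expected})")
        if "sambaprimarygroupsid" not in e:
            findings.append("sambaPrimaryGroupSID missing")
        if findings:
            report[e["uid"][0]] = findings
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_LDIF))
```

Per the reply above, a missing sambaPrimaryGroupSID is not necessarily an error on newer Samba, since gidNumber is then used to derive the primary group SID; the audit only reports where entries differ from the older layout.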