emmanuel musso
2007-Feb-27 15:44 UTC
[Samba] ldap machine account: bad RID, no SambaPrimaruGroupSID, since 3.0.23c
Hello all When a windows xp workstation join a domain, by windows gui parameters, ldap machine attributes are not filled correctly: - No attribute sambaprimarygroupsid (before, there was one terminated by 515) - rid (of sambasid) is not equal a 2*uid+1000 gid attribute is ok (515) If i create a user, rid (sambasid) equal a 2*uid + 1000 (and sambaprimarygrousid terminated by 513) All the others samba attributes are ok Same problem if i use "smbldap-useradd -w" before joining the domain; Posix attributes are created by "smbldap-useradd -w", and samba attributes are created the first time workstation join the domain, allways with bad sambasid and without sambaprimarygroupsid. Same problem if i use "net join" on a linux smbclient with winbind SAMBA seems using the sambaNextRid field from the sambaDomainName entry to build the SAMBA SID of the computer accounts, but I don't know why (thanks cedric) In all cases, my workstation is connected to the domain, and user can use it. I didn't change my config, i didn't modify idealx tools. The problem exits since 3.0.23c-1 update in month september (with samba.schema modif) I know my computers who joined the domain before samba 3.0.23c-1 update (debian apt-get) are ok, with sambaprimarygroupsid present, and valid sambasid (rid = 2* uid + 1000). I have 2 Domain with the same problem My config: - Server samba 3.0.23d-4 on debian testing, with daily updates smbldap-tools 0.9.2-3 - smb.conf: add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u" - worstation: windows xp sp2 windows 2000 sp4 kdm on debian with smbclient and winbind Thank you very much (this mail is already sent at february 5th) Best regards -- Emmanuel musso technicien informatique I.U.T. Paul Sabatier Dépt Génie électrique 0562258241 Service informatique 0562258025 ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.