Janicko Zeppelin
2007-Sep-06 20:39 UTC
[Samba] can't add machine to domain after samba update
Hi all.
We have big problem with adding new machine to our domain.
2 weeks ago we upgrade our machine to Debian 4 (etch). Than we automatic
update our samba to version 3.0.24 (from debian package).
We use LDAP backend for samba.
When we try add Windows XP or Windows 2000 to our domain, we got this
error message on client:
Security database is corrupted.
On server we have in log file log.smbd this error messages:
[2007/09/06 22:06:46, 1]
passdb/pdb_ldap.c:ldapsam_enum_group_memberships(2582)
Unable to find the member's gid!
[2007/09/06 22:06:46, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/09/06 22:06:46, 0] auth/auth_sam.c:check_sam_security(352)
check_sam_security: make_server_info_sam() failed with
'NT_STATUS_INTERNAL_DB_CORRUPTION'
[2007/09/06 22:06:46, 3] auth/auth_winbind.c:check_winbind_security(80)
check_winbind_security: Not using winbind, requested domain
[ourdomain] was for this SAM.
[2007/09/06 22:06:46, 2] auth/auth.c:check_ntlm_password(319)
check_ntlm_password: Authentication for user [administrator] ->
[user] FAILED with error NT_STATUS_INTERNAL_DB_CORRUPTION
[2007/09/06 22:06:46, 3] smbd/error.c:error_packet(146)
error packet at smbd/sesssetup.c(99) cmd=115 (SMBsesssetupX)
NT_STATUS_INTERNAL_DB_CORRUPTION
After samba update we had some problem with groups in LDAP and we need
change last 3 digits in our samba groups SID. For ou=Computers we use
group "Domain Computers" with gid 553.
Thank you for any answer.
Regards
Janicko
Gerald (Jerry) Carter
2007-Sep-06 20:55 UTC
[Samba] can't add machine to domain after samba update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Janicko Zeppelin wrote:> Hi all. > > We have big problem with adding new machine to our domain. > 2 weeks ago we upgrade our machine to Debian 4 (etch). Than we automatic > update our samba to version 3.0.24 (from debian package). > We use LDAP backend for samba. > > When we try add Windows XP or Windows 2000 to our domain, we got this > error message on client: > Security database is corrupted. > On server we have in log file log.smbd this error messages: >...> Unable to find the member's gid! > check_ntlm_password: Authentication for user [administrator] -> > [user] FAILED with error NT_STATUS_INTERNAL_DB_CORRUPTIONAre the entries with sambaSamAccount also posixAccount objects? or do you have the gidNumber for user attributes restricted somehow? cheers, jerry ====================================================================Samba ------- http://www.samba.org Centeris ----------- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG4GkIIR7qMdg1EfYRArPxAKDOKfyR/PtEYMa7578ETt1CC1t9oQCgmUN9 w+EiR5/xf6aV5EEqEkqMCCA=XFtF -----END PGP SIGNATURE-----
Janicko Zeppelin
2007-Sep-12 20:44 UTC
[Samba] [solved]: Re: can't add machine to domain after samba update
Hi all
If someone will have this problem we found solution for us.
When we updated samba to newer version we had problem with one
application. We was try some configuration options and we use:
ldapsam:trusted = yes
Now we try comment this option and after samba restart we don't have any
problem with add machine to domain.
Regards,
Janicko Zeppelin wrote:> Hi all.
>
> We have big problem with adding new machine to our domain.
> 2 weeks ago we upgrade our machine to Debian 4 (etch). Than we automatic
> update our samba to version 3.0.24 (from debian package).
> We use LDAP backend for samba.
>
> When we try add Windows XP or Windows 2000 to our domain, we got this
> error message on client:
> Security database is corrupted.
> On server we have in log file log.smbd this error messages:
>
> [2007/09/06 22:06:46, 1]
> passdb/pdb_ldap.c:ldapsam_enum_group_memberships(2582)
> Unable to find the member's gid!
> [2007/09/06 22:06:46, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2007/09/06 22:06:46, 0] auth/auth_sam.c:check_sam_security(352)
> check_sam_security: make_server_info_sam() failed with
> 'NT_STATUS_INTERNAL_DB_CORRUPTION'
> [2007/09/06 22:06:46, 3] auth/auth_winbind.c:check_winbind_security(80)
> check_winbind_security: Not using winbind, requested domain
> [ourdomain] was for this SAM.
> [2007/09/06 22:06:46, 2] auth/auth.c:check_ntlm_password(319)
> check_ntlm_password: Authentication for user [administrator] ->
> [user] FAILED with error NT_STATUS_INTERNAL_DB_CORRUPTION
> [2007/09/06 22:06:46, 3] smbd/error.c:error_packet(146)
> error packet at smbd/sesssetup.c(99) cmd=115 (SMBsesssetupX)
> NT_STATUS_INTERNAL_DB_CORRUPTION
>
> After samba update we had some problem with groups in LDAP and we need
> change last 3 digits in our samba groups SID. For ou=Computers we use
> group "Domain Computers" with gid 553.
>
> Thank you for any answer.
>
> Regards
>
> Janicko
>
>