Adam Williams
2007-Nov-09 16:24 UTC
[Samba] A device attached to the system is not functioning.
Windows XP w/ SP2 is giving me that error message when I'm trying to log into my domain:

A device attached to the system is not functioning.

error log:

[2007/11/09 10:21:01, 1] rpc_server/srv_netlog_nt.c:_net_sam_logon_internal(1004)
  _net_sam_logon: user TEST\testuser has user sid S-1-1-0
  but group sid S-1-5-21-3536689092-529281149-710501220-513.
  The conflicting domain portions are not supported for NETLOGON calls

[root@gomer ~]# cat /etc/samba/smb.conf
[global]
    unix charset = LOCALE
    workgroup = TEST
    netbios name = GOMER
    server string = Samba Server %v on gomer
    # interfaces = eth0, lo
    interfaces = 10.8.3.37/24 127.0.0.1/8
    bind interfaces only = Yes
    hosts allow = 10.8.
    passdb backend = ldapsam:ldap://gomer.mdah.state.ms.us
    enable privileges = Yes
    username map = /etc/samba/smbusers
    log level = 1
    syslog = 0
    log file = /var/log/samba/%m
    max log size = 50
    name resolve order = wins bcast hosts
    time server = Yes
    printcap name = CUPS
    show add printer wizard = no
    add user script = /usr/sbin/smbldap-useradd -a -m "%u"
    delete user script = /usr/sbin/smbldap-userdel "%u"
    add group script = /usr/sbin/smbldap-groupadd -p "%g"
    delete group script = /usr/sbin/smbldap-groupdel "%g"
    add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
    delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
    set primary group script = /usr/sbin/smbldap-groupmod -g "%g" "%u"
    add machine script = /usr/sbin/smbldap-useradd -w "%u"
    logon script = scripts\logon.bat
    logon path = \\%L\profiles\%U
    logon drive = X:
    domain logons = Yes
    preferred master = Yes
    wins support = Yes
    ldap suffix = dc=gomer,dc=mdah,dc=state,dc=ms,dc=us
    ldap machine suffix = ou=People
    ldap user suffix = ou=People
    ldap group suffix = ou=Groups
    ldap idmap suffix = ou=Idmap
    ldap admin dn = cn=Manager,dc=gomer,dc=mdah,dc=state,dc=ms,dc=us
    idmap backend = ldap:ldap://gomer.mdah.state.ms.us
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    map acl inherit = Yes
    printing = cups
    printer admin = root, awilliam
    ldap passwd sync = yes
    winbind separator = +
    # use uids from 10000 to 20000 for domain users
    idmap uid = 10000-20000
    # use gids from 10000 to 20000 for domain groups
    idmap gid = 10000-20000
    # allow enumeration of winbind users and groups
    winbind enum users = yes
    winbind enum groups = yes
    # give winbind users a real shell (only needed if they have telnet access)
    template homedir = /home/winnt/%D/%U
    template shell = /bin/bash
    winbind enum users = yes
    winbind enum groups = yes
    winbind use default domain = no

[homes]
    comment = Home Directories
    valid users = %S
    read only = no
    browseable = No

[accounts]
    comment = Accounting Files
    path = /data/accounts
    read only = No

[netlogon]
    comment = network logon service
    path = /var/lib/samba/netlogon
    guest ok = Yes
    locking = No

[profiles]
    comment = Profile Share
    path = /var/lib/samba/profiles
    read only = No
    profile acls = Yes

[print$]
    comment = Printer Drivers
    path = /var/lib/samba/drivers
    browseable = yes
    guest ok = no
    read only = yes
    write list = root, awilliam

and the user exists in ldap:

ldapsearch -D 'cn=Manager,dc=gomer,dc=mdah,dc=state,dc=ms,dc=us' -b "uid=testuser,ou=People,dc=gomer,dc=mdah,dc=state,dc=ms,dc=us" -w xxxxx -x

# extended LDIF
#
# LDAPv3
# base <uid=testuser,ou=People,dc=gomer,dc=mdah,dc=state,dc=ms,dc=us> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# testuser, People, gomer.mdah.state.ms.us
dn: uid=testuser,ou=People,dc=gomer,dc=mdah,dc=state,dc=ms,dc=us
uid: testuser
cn: test user
telephoneNumber: 5766888
roomNumber: IS
homePhone: 3738042
givenName: test
sn: user
mail: testuser@dc=mdah,dc=state,dc=ms,dc=us
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
objectClass: sambaSamAccount
loginShell: /bin/bash
uidNumber: 501
gidNumber: 101
homeDirectory: /home/testuser
gecos: test user,IS,5766888,3738042
sambaSID: S-1-1-0
sambaLMPassword: xxxxxxxxxxx
sambaAcctFlags: [U]
sambaNTPassword: xxxxxxxxxxxxxxx
sambaPwdMustChange: 1194624706
shadowLastChange: 0
shadowMax: 99999
shadowWarning: 7
sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000
 00000000
sambaPwdLastSet: 1194624832
userPassword:: xxxxxxxxxxxxxxxxxx

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

any ideas?
Gerald (Jerry) Carter
2007-Nov-11 01:57 UTC
[Samba] A device attached to the system is not functioning.
Adam,

> Windows XP w/ SP2 is giving me that error message when I'm trying to log
> into my domain:
>
> A device attached to the system is not functioning.

This is always the result of returning NT_STATUS_UNSUCCESSFUL from smbd (which is wrong anyways).

> error log:
>
> [2007/11/09 10:21:01, 1]
> rpc_server/srv_netlog_nt.c:_net_sam_logon_internal(1004)
> _net_sam_logon: user TEST\testuser has user sid S-1-1-0
> but group sid S-1-5-21-3536689092-529281149-710501220-513.
> The conflicting domain portions are not supported for NETLOGON calls

...

> # testuser, People, gomer.mdah.state.ms.us
> dn: uid=testuser,ou=People,dc=gomer,dc=mdah,dc=state,dc=ms,dc=us

...

> homeDirectory: /home/testuser
> gecos: test user,IS,5766888,3738042
> sambaSID: S-1-1-0
  ^^^^^^^^^^^^^^^^^^^

That's wrong. S-1-1-0 is "Everyone". How did that SID get assigned?

cheers, jerry
====================================================================
Samba ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
"What man is a man who does not make the world better?" --Balian
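
Added example (not part of either message in this thread): a check for the condition Jerry points at, run over `ldapsearch` output. It flags any sambaSID or sambaPrimaryGroupSID that was not issued under the domain SID; the domain SID is taken from the group SID in the quoted log line, and the sample LDIF, including the `gooduser` entry and its RID, is constructed.

```python
import re

# Domain SID: the group SID from the log line in the thread, minus its RID (-513).
DOMAIN_SID = "S-1-5-21-3536689092-529281149-710501220"

# Constructed sample. The first entry carries the sambaSID shown in the thread;
# "gooduser" and its RID are hypothetical.
SAMPLE_LDIF = """\
dn: uid=testuser,ou=People,dc=gomer,dc=mdah,dc=state,dc=ms,dc=us
uid: testuser
sambaSID: S-1-1-0

dn: uid=gooduser,ou=People,dc=gomer,dc=mdah,dc=state,dc=ms,dc=us
uid: gooduser
sambaSID: S-1-5-21-3536689092-529281149-710501220-2002
sambaPrimaryGroupSID: S-1-5-21-3536689092-529281149-710501220-513
"""

def parse_ldif(text):
    """Yield one {attribute: [values]} dict per LDIF entry."""
    unfolded = text.replace("\n ", "")  # join LDIF continuation lines
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            key, _, value = line.partition(":")
            entry.setdefault(key.lower(), []).append(value.lstrip(": "))
        yield entry

def domain_part(sid):
    """Return a domain-relative SID without its RID, else None."""
    m = re.fullmatch(r"(S-1-5-21(?:-\d+){3})-\d+", sid.strip())
    return m.group(1) if m else None

def audit(text, domain_sid=DOMAIN_SID):
    """Return (uid, attribute, sid) for each SID not issued under domain_sid."""
    findings = []
    for entry in parse_ldif(text):
        uid = entry.get("uid", ["?"])[0]
        for attr in ("sambasid", "sambaprimarygroupsid"):
            for sid in entry.get(attr, []):
                if domain_part(sid) != domain_sid:
                    findings.append((uid, attr, sid))
    return findings

if __name__ == "__main__":
    for uid, attr, sid in audit(SAMPLE_LDIF):
        print(f"{uid}: {attr} = {sid} is outside domain {DOMAIN_SID}")
```

Run against real output by passing the text of an `ldapsearch ... -x` dump of ou=People to `audit()`; well-known SIDs such as S-1-1-0 have no domain portion and are always reported.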