Hi ! I'm running a samba domain controler under rhel 5. It's version 3.0.33-3.7.el5. I've also installed a ldap server to store users and groups and so on. When I try a pdbedit -v david, I get the following : Unix username: david NT username: david Account Flags: [U ] User SID: S-1-5-21-215069222-2822928016-2390355089-1016 Finding user david Trying _Get_Pwnam(), username as lowercase is david Get_Pwnam_internals did find user [david]! smbldap_search_ext: base => [ou=Groups,ou=ia27,dc=ac-rouen,dc=fr], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=666))], scope => [2] init_group_from_ldap: Entry found for group: 666 lookup_global_sam_rid: looking up RID 666. smbldap_search_ext: base => [ou=ia27,dc=ac-rouen,dc=fr], filter => [(&(sambaSID=S-1-5-21-215069222-2822928016-2390355089-666) (objectclass=sambaSamAccount))], scope => [2] ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-215069222-2822928016-2390355089-666] count=0 smbldap_search_ext: base => [ou=Groups,ou=ia27,dc=ac-rouen,dc=fr], filter => [(&(objectClass=sambaGroupMapping) (sambaSID=S-1-5-21-215069222-2822928016-2390355089-666))], scope => [2] init_group_from_ldap: Entry found for group: 666 lookup_rids: CDTI:2 Primary Group SID: S-1-5-21-215069222-2822928016-2390355089-666 Full Name: david The weird thing is ldapsam_getsampwsid: Unable to locate SID I think I made a mistake when creating both unix groups and samba groups. Here is how the unix group is defined : dn: cn=cdti,ou=Group,BASEDN objectClass: posixGroup objectClass: top cn: cdti userPassword: {crypt}x gidNumber: 666 Here is how the samba group is defined : dn: cn=CDTI,ou=Groups,BASEDN objectClass: top objectClass: posixGroup objectClass: sambaGroupMapping cn: CDTI description:: Q2VudHJlIGTDqXBhcnRlbWVudGFsIGRlIHRyYWl0ZW1lbnQgZGUgbCdpbmZvcm 1hdGlvbg=sambaGroupType: 2 memberUid: david gidNumber: 666 sambaSID: S-1-5-21-215069222-2822928016-2390355089-666 And here is what the user's definition : dn: uid=david,ou=SambaUsers,BASEDN objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: posixAccount objectClass: shadowAccount objectClass: sambaSamAccount cn: david sn: david givenName: david uid: david uidNumber: 1016 homeDirectory: /smbhome/users/david/samba loginShell: /bin/bash gecos: System User sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 0 sambaPwdMustChange: 2147483647 displayName: david sambaLogonScript: logon.bat sambaProfilePath: \\DOMAIN_SERVER\profiles\david sambaHomePath: \\DOMAIN_SERVER\david sambaHomeDrive: P: sambaLMPassword: PLOP sambaNTPassword: PLOP sambaPasswordHistory: 000000000000000000000000000000000000000000000000000000 0000000000 sambaPwdLastSet: 1228486572 userPassword: {SSHA}PLOP sambaAcctFlags: [U ] sambaSID: S-1-5-21-215069222-2822928016-2390355089-1016 gidNumber: 666 sambaPrimaryGroupSID: S-1-5-21-215069222-2822928016-2390355089-666 Of course, I've obfuscated what I found that has not point with my problem ! I think that the problem comes from the groups, both the unix one and the samba one, but I don't know how to fix it. If anyone could tell me what I could to to correct this, that would be great ! I hope I've given enough informations, but if you think I should give more, fell free to ask. I'd really like to get rid of this anoying message. Thanks in advance !
On Wednesday 11 February 2009 10:39:10 BOURIAUD wrote:> Hi ! > I'm running a samba domain controler under rhel 5. It's version > 3.0.33-3.7.el5. > I've also installed a ldap server to store users and groups and so on. > When I try a pdbedit -v david, I get the following : > > Unix username: david > NT username: david > Account Flags: [U ] > User SID: S-1-5-21-215069222-2822928016-2390355089-1016 > Finding user david > Trying _Get_Pwnam(), username as lowercase is david > Get_Pwnam_internals did find user [david]! > smbldap_search_ext: base => [ou=Groups,ou=ia27,dc=ac-rouen,dc=fr], filter > => [(&(objectClass=sambaGroupMapping)(gidNumber=666))], scope => [2] > init_group_from_ldap: Entry found for group: 666 > lookup_global_sam_rid: looking up RID 666. > smbldap_search_ext: base => [ou=ia27,dc=ac-rouen,dc=fr], filter => > [(&(sambaSID=S-1-5-21-215069222-2822928016-2390355089-666) > (objectclass=sambaSamAccount))], scope => [2] > ldapsam_getsampwsid: Unable to locate SID > [S-1-5-21-215069222-2822928016-2390355089-666] count=0 > smbldap_search_ext: base => [ou=Groups,ou=ia27,dc=ac-rouen,dc=fr], filter > => [(&(objectClass=sambaGroupMapping) > (sambaSID=S-1-5-21-215069222-2822928016-2390355089-666))], scope => [2] > init_group_from_ldap: Entry found for group: 666 > lookup_rids: CDTI:2 > Primary Group SID: S-1-5-21-215069222-2822928016-2390355089-666 > Full Name: david > > The weird thing is ldapsam_getsampwsid: Unable to locate SID > > I think I made a mistake when creating both unix groups and samba groups. > Here is how the unix group is defined : > > dn: cn=cdti,ou=Group,BASEDN > objectClass: posixGroup > objectClass: top > cn: cdti > userPassword: {crypt}x > gidNumber: 666 > > Here is how the samba group is defined : > > dn: cn=CDTI,ou=Groups,BASEDN > objectClass: top > objectClass: posixGroup > objectClass: sambaGroupMapping > cn: CDTI > description:: > Q2VudHJlIGTDqXBhcnRlbWVudGFsIGRlIHRyYWl0ZW1lbnQgZGUgbCdpbmZvcm 1hdGlvbg=> sambaGroupType: 2 > memberUid: david > gidNumber: 666 > sambaSID: S-1-5-21-215069222-2822928016-2390355089-666 > > And here is what the user's definition : > > dn: uid=david,ou=SambaUsers,BASEDN > objectClass: top > objectClass: person > objectClass: organizationalPerson > objectClass: inetOrgPerson > objectClass: posixAccount > objectClass: shadowAccount > objectClass: sambaSamAccount > cn: david > sn: david > givenName: david > uid: david > uidNumber: 1016 > homeDirectory: /smbhome/users/david/samba > loginShell: /bin/bash > gecos: System User > sambaLogonTime: 0 > sambaLogoffTime: 2147483647 > sambaKickoffTime: 2147483647 > sambaPwdCanChange: 0 > sambaPwdMustChange: 2147483647 > displayName: david > sambaLogonScript: logon.bat > sambaProfilePath: \\DOMAIN_SERVER\profiles\david > sambaHomePath: \\DOMAIN_SERVER\david > sambaHomeDrive: P: > sambaLMPassword: PLOP > sambaNTPassword: PLOP > sambaPasswordHistory: > 000000000000000000000000000000000000000000000000000000 0000000000 > sambaPwdLastSet: 1228486572 > userPassword: {SSHA}PLOP > sambaAcctFlags: [U ] > sambaSID: S-1-5-21-215069222-2822928016-2390355089-1016 > gidNumber: 666 > sambaPrimaryGroupSID: S-1-5-21-215069222-2822928016-2390355089-666 > > > Of course, I've obfuscated what I found that has not point with my problem > ! > > I think that the problem comes from the groups, both the unix one and the > samba one, but I don't know how to fix it. > If anyone could tell me what I could to to correct this, that would be > great ! I hope I've given enough informations, but if you think I should > give more, fell free to ask. I'd really like to get rid of this anoying > message. Thanks in advance !UP ! Noone to help me with that ?