Hi !
I'm running a samba domain controler under rhel 5. It's version
3.0.33-3.7.el5.
I've also installed a ldap server to store users and groups and so on.
When I try a pdbedit -v david, I get the following :
Unix username: david
NT username: david
Account Flags: [U ]
User SID: S-1-5-21-215069222-2822928016-2390355089-1016
Finding user david
Trying _Get_Pwnam(), username as lowercase is david
Get_Pwnam_internals did find user [david]!
smbldap_search_ext: base => [ou=Groups,ou=ia27,dc=ac-rouen,dc=fr], filter
=>
[(&(objectClass=sambaGroupMapping)(gidNumber=666))], scope => [2]
init_group_from_ldap: Entry found for group: 666
lookup_global_sam_rid: looking up RID 666.
smbldap_search_ext: base => [ou=ia27,dc=ac-rouen,dc=fr], filter =>
[(&(sambaSID=S-1-5-21-215069222-2822928016-2390355089-666)
(objectclass=sambaSamAccount))], scope => [2]
ldapsam_getsampwsid: Unable to locate SID
[S-1-5-21-215069222-2822928016-2390355089-666] count=0
smbldap_search_ext: base => [ou=Groups,ou=ia27,dc=ac-rouen,dc=fr], filter
=>
[(&(objectClass=sambaGroupMapping)
(sambaSID=S-1-5-21-215069222-2822928016-2390355089-666))], scope => [2]
init_group_from_ldap: Entry found for group: 666
lookup_rids: CDTI:2
Primary Group SID: S-1-5-21-215069222-2822928016-2390355089-666
Full Name: david
The weird thing is ldapsam_getsampwsid: Unable to locate SID
I think I made a mistake when creating both unix groups and samba groups.
Here is how the unix group is defined :
dn: cn=cdti,ou=Group,BASEDN
objectClass: posixGroup
objectClass: top
cn: cdti
userPassword: {crypt}x
gidNumber: 666
Here is how the samba group is defined :
dn: cn=CDTI,ou=Groups,BASEDN
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: CDTI
description:: Q2VudHJlIGTDqXBhcnRlbWVudGFsIGRlIHRyYWl0ZW1lbnQgZGUgbCdpbmZvcm
1hdGlvbg=sambaGroupType: 2
memberUid: david
gidNumber: 666
sambaSID: S-1-5-21-215069222-2822928016-2390355089-666
And here is what the user's definition :
dn: uid=david,ou=SambaUsers,BASEDN
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: david
sn: david
givenName: david
uid: david
uidNumber: 1016
homeDirectory: /smbhome/users/david/samba
loginShell: /bin/bash
gecos: System User
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
displayName: david
sambaLogonScript: logon.bat
sambaProfilePath: \\DOMAIN_SERVER\profiles\david
sambaHomePath: \\DOMAIN_SERVER\david
sambaHomeDrive: P:
sambaLMPassword: PLOP
sambaNTPassword: PLOP
sambaPasswordHistory: 000000000000000000000000000000000000000000000000000000
0000000000
sambaPwdLastSet: 1228486572
userPassword: {SSHA}PLOP
sambaAcctFlags: [U ]
sambaSID: S-1-5-21-215069222-2822928016-2390355089-1016
gidNumber: 666
sambaPrimaryGroupSID: S-1-5-21-215069222-2822928016-2390355089-666
Of course, I've obfuscated what I found that has not point with my problem !
I think that the problem comes from the groups, both the unix one and the
samba one, but I don't know how to fix it.
If anyone could tell me what I could to to correct this, that would be great !
I hope I've given enough informations, but if you think I should give more,
fell free to ask. I'd really like to get rid of this anoying message.
Thanks in advance !
On Wednesday 11 February 2009 10:39:10 BOURIAUD wrote:> Hi ! > I'm running a samba domain controler under rhel 5. It's version > 3.0.33-3.7.el5. > I've also installed a ldap server to store users and groups and so on. > When I try a pdbedit -v david, I get the following : > > Unix username: david > NT username: david > Account Flags: [U ] > User SID: S-1-5-21-215069222-2822928016-2390355089-1016 > Finding user david > Trying _Get_Pwnam(), username as lowercase is david > Get_Pwnam_internals did find user [david]! > smbldap_search_ext: base => [ou=Groups,ou=ia27,dc=ac-rouen,dc=fr], filter > => [(&(objectClass=sambaGroupMapping)(gidNumber=666))], scope => [2] > init_group_from_ldap: Entry found for group: 666 > lookup_global_sam_rid: looking up RID 666. > smbldap_search_ext: base => [ou=ia27,dc=ac-rouen,dc=fr], filter => > [(&(sambaSID=S-1-5-21-215069222-2822928016-2390355089-666) > (objectclass=sambaSamAccount))], scope => [2] > ldapsam_getsampwsid: Unable to locate SID > [S-1-5-21-215069222-2822928016-2390355089-666] count=0 > smbldap_search_ext: base => [ou=Groups,ou=ia27,dc=ac-rouen,dc=fr], filter > => [(&(objectClass=sambaGroupMapping) > (sambaSID=S-1-5-21-215069222-2822928016-2390355089-666))], scope => [2] > init_group_from_ldap: Entry found for group: 666 > lookup_rids: CDTI:2 > Primary Group SID: S-1-5-21-215069222-2822928016-2390355089-666 > Full Name: david > > The weird thing is ldapsam_getsampwsid: Unable to locate SID > > I think I made a mistake when creating both unix groups and samba groups. > Here is how the unix group is defined : > > dn: cn=cdti,ou=Group,BASEDN > objectClass: posixGroup > objectClass: top > cn: cdti > userPassword: {crypt}x > gidNumber: 666 > > Here is how the samba group is defined : > > dn: cn=CDTI,ou=Groups,BASEDN > objectClass: top > objectClass: posixGroup > objectClass: sambaGroupMapping > cn: CDTI > description:: > Q2VudHJlIGTDqXBhcnRlbWVudGFsIGRlIHRyYWl0ZW1lbnQgZGUgbCdpbmZvcm 1hdGlvbg=> sambaGroupType: 2 > memberUid: david > gidNumber: 666 > sambaSID: S-1-5-21-215069222-2822928016-2390355089-666 > > And here is what the user's definition : > > dn: uid=david,ou=SambaUsers,BASEDN > objectClass: top > objectClass: person > objectClass: organizationalPerson > objectClass: inetOrgPerson > objectClass: posixAccount > objectClass: shadowAccount > objectClass: sambaSamAccount > cn: david > sn: david > givenName: david > uid: david > uidNumber: 1016 > homeDirectory: /smbhome/users/david/samba > loginShell: /bin/bash > gecos: System User > sambaLogonTime: 0 > sambaLogoffTime: 2147483647 > sambaKickoffTime: 2147483647 > sambaPwdCanChange: 0 > sambaPwdMustChange: 2147483647 > displayName: david > sambaLogonScript: logon.bat > sambaProfilePath: \\DOMAIN_SERVER\profiles\david > sambaHomePath: \\DOMAIN_SERVER\david > sambaHomeDrive: P: > sambaLMPassword: PLOP > sambaNTPassword: PLOP > sambaPasswordHistory: > 000000000000000000000000000000000000000000000000000000 0000000000 > sambaPwdLastSet: 1228486572 > userPassword: {SSHA}PLOP > sambaAcctFlags: [U ] > sambaSID: S-1-5-21-215069222-2822928016-2390355089-1016 > gidNumber: 666 > sambaPrimaryGroupSID: S-1-5-21-215069222-2822928016-2390355089-666 > > > Of course, I've obfuscated what I found that has not point with my problem > ! > > I think that the problem comes from the groups, both the unix one and the > samba one, but I don't know how to fix it. > If anyone could tell me what I could to to correct this, that would be > great ! I hope I've given enough informations, but if you think I should > give more, fell free to ask. I'd really like to get rid of this anoying > message. Thanks in advance !UP ! Noone to help me with that ?