Hello

I'm hoping someone can provide some insight, sample snippet from smb.conf and the samba log.
Password authentication is working & succeeding, complains about an invalid SID which I know is the trust relationship that is formed between server and client, this is a duplicate ldap database from a samba domain controller.

On the topic, anyone have a good book to recommend on Samba, I feel I am only using 10% of its capability and not really well at that... something is staring me in the face and I'm missing it.

[global]
workgroup = companyx
printing = cups
hosts allow = 192.168.1.
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
include = /etc/samba/dhcp.conf
security = user
encrypt passwords = Yes
obey pam restrictions = No
log level = 2
passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=manager,dc=companyx,dc=co,dc=za
ldap suffix = dc=companyx,dc=co,dc=za
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
ldap ssl = off
ldap delete dn = Yes

[testdir]
comment = test1
path = "/data/test"
browseable = yes
writable = yes
read only = no
available = yes
valid users = bradleyc
admin users = bradleyc

[2009/03/13 08:36:39, 2] lib/access.c:check_access(406)
  Allowed connection from __ffff_192.168.2.154 (::ffff:192.168.2.154)
[2009/03/13 08:36:39, 2] lib/smbldap.c:smbldap_open_connection(796)
  smbldap_open_connection: connection opened
[2009/03/13 08:36:39, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
  init_sam_from_ldap: Entry found for user: bradleyc
[2009/03/13 08:36:39, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
  init_group_from_ldap: Entry found for group: 513
[2009/03/13 08:36:39, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
  init_group_from_ldap: Entry found for group: 513
[2009/03/13 08:36:39, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
  init_group_from_ldap: Entry found for group: 1010
[2009/03/13 08:36:39, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
  init_group_from_ldap: Entry found for group: 512
[2009/03/13 08:36:39, 2] auth/auth.c:check_ntlm_password(308)
  check_ntlm_password: authentication for user [bradleyc] -> [bradleyc] -> [bradleyc] succeeded
[2009/03/13 08:36:39, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
  init_group_from_ldap: Entry found for group: 544
[2009/03/13 08:36:39, 2] lib/access.c:check_access(406)
  Allowed connection from ::ffff:192.168.2.154 (::ffff:192.168.2.154)
[2009/03/13 08:36:39, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
  init_sam_from_ldap: Entry found for user: bradleyc
[2009/03/13 08:36:39, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
  init_group_from_ldap: Entry found for group: 513
[2009/03/13 08:36:39, 0] passdb/passdb.c:lookup_global_sam_name(595)
  User bradleyc with invalid SID S-1-5-21-1571991244-1820204139-1100571284-3420 in passdb
[2009/03/13 08:36:39, 2] smbd/service.c:make_connection_snum(736)
  user 'bradleyc' (from session setup) not permitted to access this share (testdir)

Hiya,

A few questions.

Is the machine a PDC?
What's the output of the command "net getlocalsid" in a terminal?
What scripts are you using to change passwords? smbldaptools?

Cheers,
Julian

"Brad C" <bradleydanecook@gmail.com> wrote in message news:2d2102ba0903130148g251b0e70l7fc2f48894730c7f@mail.gmail.com...
> Hello
>
> On the topic, anyone have a good book to recommend on Samba, I feel I am
> only using 10% of its capability and not really well at that... something is
> staring me in the face and I'm missing it.

The best books I have seen are the Official How To and Samba by Example. Both are available in the Learn Samba section at www.samba.org. You can purchase Samba by Example in book stores. It is also available online at Amazon or Barnes and Noble.

Samba by Example gives you step by step instructions re: setting up various types of Samba machines. The Official How To explains a lot of the concepts re: how Samba works.

You can use Samba by Example to learn how to set up a PDC. You can then use the Official How To in order to get a deeper understanding of how SIDs work or how Linux to Windows user mapping works.

Well, the user's SID is invalid. Does it match the domain's SID with net getdomainsid?
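
The comparison the replies ask for, as an added example that is not part of the thread: split the SID from the level-0 log entry into its domain part and RID, then list which accounts in an LDAP export carry a domain part other than the server's. Assumptions: `LOCAL_SID` is a placeholder for the `net getlocalsid` output (never posted in the thread), the LDIF is constructed, and the function names are hypothetical.

```python
import re
# Constructed sample: the level-0 entry from the log posted in the thread.
SAMPLE_LOG = """\
[2009/03/13 08:36:39, 0] passdb/passdb.c:lookup_global_sam_name(595)
  User bradleyc with invalid SID S-1-5-21-1571991244-1820204139-1100571284-3420 in passdb
"""
# Placeholder for the server's `net getlocalsid` output (not given in the thread).
LOCAL_SID = "S-1-5-21-1111111111-2222222222-3333333333"
# Constructed LDIF export: bradleyc's SID from the log plus a made-up local account.
SAMPLE_LDIF = """\
dn: uid=bradleyc,ou=Users,dc=companyx,dc=co,dc=za
uid: bradleyc
sambaSID: S-1-5-21-1571991244-1820204139-1100571284-3420

dn: uid=localtest,ou=Users,dc=companyx,dc=co,dc=za
uid: localtest
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3002
"""
SID_RE = re.compile(r"^(S-1-5-21-\d+-\d+-\d+)(?:-(\d+))?$")
INVALID_RE = re.compile(r"User (\S+) with invalid SID (S-[\d-]+) in passdb")

def split_sid(sid):
    """Split S-1-5-21-a-b-c[-rid] into (domain_sid, rid); rid is None for a bare domain SID."""
    m = SID_RE.match(sid.strip())
    if not m:
        raise ValueError(f"not an S-1-5-21 domain SID: {sid!r}")
    return m.group(1), int(m.group(2)) if m.group(2) else None

def invalid_sids_from_log(log_text):
    """Return (user, sid) for every 'invalid SID' entry in an smbd log."""
    return INVALID_RE.findall(log_text)

def foreign_accounts(ldif_text, server_sid):
    """Return (uid, domain_sid, rid) for accounts whose sambaSID is outside server_sid."""
    expected, _ = split_sid(server_sid)
    found = []
    for entry in re.split(r"\n\s*\n", ldif_text.strip()):
        attrs = dict(l.split(": ", 1) for l in entry.splitlines() if ": " in l)
        if "uid" in attrs and "sambaSID" in attrs:
            domain, rid = split_sid(attrs["sambaSID"])
            if domain != expected:
                found.append((attrs["uid"], domain, rid))
    return found

if __name__ == "__main__":
    for user, sid in invalid_sids_from_log(SAMPLE_LOG):
        print(user, "logged with domain part", split_sid(sid)[0])
    for uid, domain, rid in foreign_accounts(SAMPLE_LDIF, LOCAL_SID):
        print(f"{uid}: RID {rid} under {domain}, server is {LOCAL_SID}")
```

Replace `LOCAL_SID` with the real `net getlocalsid` output and feed in an `ldapsearch` export of `ou=Users`; any account returned by `foreign_accounts` has a SID that belongs to a different domain than the one this server claims.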