Frank Van Damme
2011-Jul-12 13:04 UTC
[Samba] invalid SID in passdb on stand-alone file server with ldapsam
hello!

I got some log message I can't explain. when I log in to a server it says:

[2011/07/12 14:20:41.784580, 0] passdb/passdb.c:627(lookup_global_sam_name)
User frvdamme with invalid SID S-1-5-21-2863620551-4077714424-203869783-5020 in passdb

It's a standalone file server, no domain, and the password backend is (open)ldap. Samba is version 3.5.6 on Debian 6.0. Using the server actually works well, I can allow/deny access to shares based on groups etc. But I can't see user names in the security tab in Windows explorer (I only see the sid). As a consequence, I also can't set permissions from Windows.

In fact, to be more precise, users and groups that exist locally on the system *do* show up in the security tab. Those in ldap do not.

--
Frank Van Damme
No part of this copyright message may be reproduced, read or seen, dead or alive or by any means, including but not limited to telepathy without the benevolence of the author.

Frank Van Damme
2011-Jul-12 13:29 UTC
[Samba] invalid SID in passdb on stand-alone file server with ldapsam
2011/7/12 Frank Van Damme <frank.vandamme at gmail.com>:
> hello!
>
> I got some log message I can't explain. when I log in to a server it says:
>
> [2011/07/12 14:20:41.784580, 0] passdb/passdb.c:627(lookup_global_sam_name)
> User frvdamme with invalid SID S-1-5-21-2863620551-4077714424-203869783-5020 in
> passdb
>
> It's a standalone file server, no domain, and the password backend is
> (open)ldap. Samba is version 3.5.6 on Debian 6.0. Using the server
> actually works well, I can allow/deny access to shares based on groups
> etc. But I can't see user names in the security tab in Windows
> explorer (I only see the sid). As a consequence, I also can't set
> permissions from Windows.
>
> In fact, to be more precise, users and groups that exist locally on
> the system *do* show up in the security tab. Those in ldap do not.

OK, replying to myself: the problem turned out to be the fact that my "samba-admin" ldap user wasn't allowed to read the sambaSID attribute.

Now onto setting permissions :-)

--
Frank Van Damme
No part of this copyright message may be reproduced, read or seen, dead or alive or by any means, including but not limited to telepathy without the benevolence of the author.
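
Added example, not part of the original thread: a shell check for the condition described in the reply above, listing sambaSamAccount entries whose sambaSID is not returned to the DN that ran the search. The function name, the `URI`/`SAMBA_BIND_DN`/`BASE` placeholders and the sample LDIF are assumptions constructed for illustration.

```shell
#!/bin/sh
# Feed this the LDIF from a search run as Samba's own bind DN, for example:
#   ldapsearch -x -LLL -H "$URI" -D "$SAMBA_BIND_DN" -W -b "$BASE" \
#       '(objectClass=sambaSamAccount)' uid sambaSID | missing_samba_sid
# URI, SAMBA_BIND_DN and BASE are placeholders for your own values.
# An ACL that denies read access to an attribute makes the server omit it
# from the returned entry, so an account with no sambaSID line is one
# whose SID this bind DN cannot read.

# Print the uid (or the DN when no uid is visible) of every entry on stdin
# that carries no sambaSID attribute.
missing_samba_sid() {
    awk '
        function emit(   name) {
            if (dn != "" && !has_sid) {
                name = (uid != "") ? uid : dn
                print name
            }
            dn = ""; uid = ""; has_sid = 0
        }
        /^dn::? /                     { emit(); dn = $0; sub(/^dn::? /, "", dn); next }
        tolower($0) ~ /^uid: /        { uid = substr($0, 6); next }
        tolower($0) ~ /^sambasid::? / { has_sid = 1; next }
        /^$/                          { emit() }
        END                           { emit() }
    '
}

# Constructed sample: what the bind DN sees when it may read alice's
# sambaSID but not bob's. Names and SID are made up.
sample_ldif() {
    cat <<'EOF'
dn: uid=alice,ou=people,dc=example,dc=org
uid: alice
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3000

dn: uid=bob,ou=people,dc=example,dc=org
uid: bob
EOF
}

sample_ldif | missing_samba_sid   # prints: bob
```

Running the same search as a directory administrator and comparing the two results separates accounts that have no sambaSID at all from accounts whose sambaSID is hidden from the Samba bind DN.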