Hi Marco,
> I use Samba + Ldapas a domain controller but after the update the
> version of Debian6 to Debain 7I can't authenticate my users in the
Samba
> server.
>
> logs:
>
>
> [2013/05/23 08:29:55.811240, 1] auth/server_info.c:386(samu_to_SamInfo3)
> The primary group domain
> sid(S-1-5-21-3651478259-4121578499-3132057975-513) does not match the
> domain sid(S-1-5-21-3182595135-1874831366-4239877494) for
> user(S-1-5-21-3182595135-1874831366-4239877494-60012)
> [2013/05/23 08:29:55.811383, 0]
> auth/check_samsec.c:491(check_sam_security)
> check_sam_security: make_server_info_sam() failed with
> 'NT_STATUS_UNSUCCESSFUL'
>
>
> # net getlocalsid
> SID for domain ROCKY is: S-1-5-21-2260219023-4180104146-1160048873
>
> # net getdomainsid
> SID for local machine ROCKY is: S-1-5-21-2260219023-4180104146-1160048873
> SID for domain PRINTERRESERVA is: S-1-5-21-3651478259-4121578499-3132057975
>
> #pdbedit -v user
> User SID: S-1-5-21-3182595135-1874831366-4239877494-60012
> Primary Group SID: S-1-5-21-3651478259-4121578499-3132057975-513
You user SID is composed of the domain SID (ie
S-1-5-21-3182595135-1874831366-4239877494-60012), which is the same for
all users and groups of a domain, and the end part which is the user RID
(relative ID) -60012.
Same thing for your group SID.
So you can see here that the domain SID part of the user SID is not the
same as the domain SID S-1-5-21-3651478259-4121578499-3132057975. That
is what your debug log message basically says. I don't think that it is
just a squeeze to wheezy upgrade that would have messed'up that much
with you ldap entries. You should double check your ldap.
And take a look at samba4, it is much easier to setup and manage.
Cheers,
Denis
>
> Thanks,
>
>
> Marcos.
>
--
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, b?timent A
12 avenue Jules Verne
44230 Saint S?bastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr