lejeczek
2016-Oct-24 20:23 UTC
[Samba] 3.6.23-36.el6_8 and 4.2.10 = SIDs interoperability problem?
hi people I have in userdb LDAP backend this one user (and many others): (raw ldap): # user243, People, xxzz.tech dn: uid=user243,ou=People,dc=xxzz,dc=tech objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: posixAccount objectClass: shadowAccount objectClass: sambaSamAccount uid: user243 homeDirectory: /home/user243 loginShell: /bin/bash sambaLogonTime: 0 sambaLogoffTime: 2147483647 gecos: Some User sambaPwdCanChange: 2147483647 mail: user243 at xxzz.tech sn: User cn: Some User givenName: Some displayName: Some User gidNumber: 513 uidNumber: 1177 sambaSID: S-1-5-21-2925918746-2661067204-1764633667-2002 sambaLMPassword: ED84DDFFD9A97C2ECA922D8A7EE0CA0B sambaAcctFlags: [U] sambaNTPassword: 079073B583031A7AAE5D5C2D049FC05A userPassword:: e1NTSEF9TEl6QXB1TEpkNDZ6N1hxWFFiNFhTWUtxbXZKcmMwOTUshadowLastChange: 17038 shadowWarning: 4 shadowExpire: 17449 shadowMax: 99999 sambaKickoffTime: 1507597200 sambaPwdLastSet: 1476091342 sambaPwdMustChange: 2147483647 shadowMin: 99999 now, one server (4.2.10) fails, smbclient locally: SPNEGO login failed: Logon failure session setup failed: NT_STATUS_LOGON_FAILURE pdbedit -v ... Primary group S-1-5-21-2925918746-2661067204-1764633667-513 for user user243 is a UNKNOWN and not a domain group Forcing Primary Group to 'Domain Users' for user243 ..but remaining info gets shown. Another server (3.6.23-36.el6_8) which is PDC (it's not AD setup) has no problems whatsoever. Before you ask for logs, when I do smbclient or pdbedit on failing (4.2.) server then nothing gets logged, even with level 10 of debugging. Only journald logs: 0, pid=37787, effective(0, 0), real(0, 0), class=auth] ../source3/auth/check_samsec.c:494(check_sam_security) check_sam_security: make_server_info_sam() failed with 'NT_STATUS_INVALID_SID' Every help most appreciated. L.
lejeczek
2016-Oct-24 20:49 UTC
[Samba] 3.6.23-36.el6_8 and 4.2.10 = SIDs interoperability problem?
egh, wrong copy-paste, should be: SPNEGO login failed: Indicates the SID structure is not valid. session setup failed: NT_STATUS_INVALID_SID On 24/10/16 21:23, lejeczek via samba wrote:> SPNEGO login failed: Logon failure > session setup failed: NT_STATUS_LOGON_FAILURE
Apparently Analagous Threads
- problem in building an R package
- [Bug 1585] Allow an `Include' option which reads another config file in place and does not error out when `Include' file not readable
- 'ssh -f' option, interoperability with ssh v2.3.0
- ldiskfs-ext4 interoperability question
- G729a and G729 interoperability