similar to: Bad SID under a samba member domain

I have a domain with Samba 3 acting as PDC, and using LDAP (passdb backend = ldapsam). I now wanted to add a second Samba 3 machine as a simple file server. I get errors with getdomainsid and getlocalsid, so there is obviously still something wrong with my config. The PDC runs Samba 3.5.6 on Debian Squeeze. Sid queries return: # net getdomainsid SID for local machine MY_PDC_HOST is:

I have a classic domain. The PDC and BDC are Samba 3.6.25 on Solaris 11. I have two domain members also Samba 3.6.25 on Solaris 11. I have two domain members that are samba 4.1.17 on Fedora Core 21. LDAP backend for unix and samba accounts. in smb.conf on member servers idmap config * : backend = tdb idmap config * : range = 5000-6000 idmap config MYDOMAIN

It looks as if 2-way trusts are working between Samba and PCNL and between Samba/NT4. The one exception seems to be logging in as Samba/myname on the ENT4 PDC. I had created a ENT4/myname account. I had forgotten to add SAMBA/myname to the local users group on the ENT4 PDC before trying to the ENT4 PDC as SAMBA/myname. If I log in as SAMBA/anothername it is OK. This isn't real show

Hi, I am receiving the following error message on Samba domain member (SLES9/3.0.24). Both PDC and BDC are Samba (smbldap) (SUSE 10.1 Samba 3.0.22): "User nobody with invalid SID S-1-5-21-3838309271-3077283710-20730714-2998 in passdb" This message is new having upgraded to current version from most recent shipped with SLES9. I am trying to figure out if this is related to the issue

On 17/12/14 23:01, Gaiseric Vandal wrote: > I have two Samba 3.6.24 domain controllers (Solaris 10.) On all > machines unix accounts and groups are in the LDAP as well as idmap > entries for trusted domains. Samba accounts on domain controllers are > in LDAP so there is problem with consistency unix/windows id and group > mapping on the domain controllers. The domain

On 17/12/14 22:01, Gaiseric Vandal wrote: > I have two Samba 3.6.24 domain controllers (Solaris 10.) On all > machines unix accounts and groups are in the LDAP as well as idmap > entries for trusted domains. Samba accounts on domain controllers > are in LDAP so there is problem with consistency unix/windows id and > group mapping on the domain controllers. The domain

On 18/12/14 16:43, Gaiseric Vandal wrote: > I think IDMAP_RID would not be the appropriate solution for me. Not > only do I want consistent IDMapping across all servers - which this > could do - but I want them to match the the existing unix uidNumber > in LDAP. You never said that you had uidNumber in LDAP!, in fact you seemed to mention every winbind backend except the one that

On 18/12/14 17:24, Gaiseric Vandal wrote: > I don't have an AD backend for this domain. The DC's are "classic" > domain controllers, Samba 3.6 , with LDAP backend for all accounts. > Would this still be an option? > > > > > I tried adding > > > idmap config MYDOMAIN:schema_mode = rfc2307 > idmap config MYDOMAIN:backend = ad > idmap

I think IDMAP_RID would not be the appropriate solution for me. Not only do I want consistent IDMapping across all servers - which this could do - but I want them to match the the existing unix uidNumber in LDAP. Thanks for your help. On 12/18/14 04:29, Rowland Penny wrote: > On 17/12/14 22:01, Gaiseric Vandal wrote: >> I have two Samba 3.6.24 domain controllers (Solaris

I have two Samba 3.6.24 domain controllers (Solaris 10.) On all machines unix accounts and groups are in the LDAP as well as idmap entries for trusted domains. Samba accounts on domain controllers are in LDAP so there is problem with consistency unix/windows id and group mapping on the domain controllers. The domain controllers are the main file servers as well. I am configuring a

I don't have an AD backend for this domain. The DC's are "classic" domain controllers, Samba 3.6 , with LDAP backend for all accounts. Would this still be an option? I tried adding idmap config MYDOMAIN:schema_mode = rfc2307 idmap config MYDOMAIN:backend = ad idmap config MYDOMAIN:range = 100-300 Didn't seem to work. Thanks On 12/18/14 11:57, Rowland

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We run a samba-2.2.x+LDAP domain, and I have been experimenting with samba3 as a member server on one of our production servers (when it has no open connections). I also have samba-2.2.x on it, which works fine. However, beta2 seems to not resolve sids to usernames, so the security tab in the file properties dialog from a windows box shows the sid,

I goofed adding some machines to my domain so now I have to do it all over. I removed the secrets.tdb and MACHINE.SID files, but when I join the domain again, the MACHINE.SID is not regenerated. How do I force them to be correctly regenerated on 2.2.4? Here's what I'm doing: 1. kill smb and winbind 2. delete secrets.tdb and MACHINE.SID 3. remove from NT4 PDC 4. add machine to NT4 PDC 5.

On Thu, 6 Jun 2002 Volker.Lendecke@SerNet.DE wrote: > One thing that struck me today is the fact that if you copy the > secrets.tdb to another machine, smbd will generate a new SID for the > machine and hand this out on lsaquery. The only way to create a working > BDC with 2.2.5 is to manually generate a MACHINE.SID from the PDC with > rpcclient/lsaquery, copy this over to the BDC

Is there a way to change SAMBA Domain SID? My SAMBA PDC Server hard drive crashed. I have created a new install with new Samba PDC Server. I know my old Domain SID. Is there a way to change the New Domain SID to original SID? I have read losts of thread here. I have tried "net setlocalsid SID" command on the SAMBA PDC Server. But, that did not change the Domain SID. I have

Hello Can two PDC of different domain name but the same domain SID coexist in the same nework? We are running Windows 2000 AD/PDC, but we do not use any of the AD's features. We don;t run even roaming profiles. We would like to migrate everything to Samba NT4-style PDC. I can migrate as much information as possible to a Samba PDC, unfortunately, all 2000/XP

Hi, I have a question regarding an issue I am having with our new Samba PDC. We used to be running an NT domain controller and about two months ago, I made the transition to a Debian linux box running Samba. The PDC is currently running Samba 3.0.8. My samba PDC is using the tdbsam backend and, for the most part is working flawlessly. However, when using smbpasswd to add samba accounts, I

Hello, I recently noticed a problem on our PDC (samba 3.0.32 on SLES 10 SP2) which I kind of know how to solve after web research but I am unclear about the possible consequences for our domain and clients. The situation is this: Originally samba was set up on this machine to test. Back then its hostname was infrahostnew, so there is a SID for that NETBIOS name in secrets.tdb. When the PDC went

Hello! I'd appreciate any help on this as I am stumped. I have 4 servers running Samba. The First is Acting as a PDC with roaming profile logons as well as an LDAP server. I am using the smbldap-tools to administer the two. That works great. I also have 3 other network file servers that are mapped to use LDAP from the PDC for posix account info. I set the smb.conf on each of them to use

I'll start off with my question: how do you change a user's SID? When I issue the command: [root@server root]# pdbedit -u testuser -U \ S-1-5-21-4000410194-515421893-615041212-2006 I see testuser:516:Test User [root@server root]# Then, I do "pdbedit -Lv testuser" and it still shows the old SID. Now, I'll give you a little background. Previously, this server (NetBIOS