Am Mittwoch, 11. März 2009 13:30 schrieb BOURIAUD: > On Wednesday 11 February 2009 10:39:10 BOURIAUD wrote: > > Hi ! > > I'm running a samba domain controler under rhel 5. It's version > > 3.0.33-3.7.el5. > > I've also installed a ldap server to store users and groups and so > > on. When I try a pdbedit -v david, I get the following : > > > > Unix username: david > > NT username: david > > Account Flags: [U ] > > User SID: S-1-5-21-215069222-2822928016-2390355089-1016 > > Finding user david > > Trying _Get_Pwnam(), username as lowercase is david > > Get_Pwnam_internals did find user [david]! > > smbldap_search_ext: base => [ou=Groups,ou=ia27,dc=ac-rouen,dc=fr], > > filter => [(&(objectClass=sambaGroupMapping)(gidNumber=666))], > > scope => [2] init_group_from_ldap: Entry found for group: 666 > > lookup_global_sam_rid: looking up RID 666. > > smbldap_search_ext: base => [ou=ia27,dc=ac-rouen,dc=fr], filter => > > [(&(sambaSID=S-1-5-21-215069222-2822928016-2390355089-666) > > (objectclass=sambaSamAccount))], scope => [2] > > ldapsam_getsampwsid: Unable to locate SID > > [S-1-5-21-215069222-2822928016-2390355089-666] count=0 > > smbldap_search_ext: base => [ou=Groups,ou=ia27,dc=ac-rouen,dc=fr], > > filter => [(&(objectClass=sambaGroupMapping) > > (sambaSID=S-1-5-21-215069222-2822928016-2390355089-666))], scope => > > [2] init_group_from_ldap: Entry found for group: 666 > > lookup_rids: CDTI:2 > > Primary Group SID: S-1-5-21-215069222-2822928016-2390355089-666 > > Full Name: david > > > > The weird thing is ldapsam_getsampwsid: Unable to locate SID > > > > I think I made a mistake when creating both unix groups and samba > > groups. Here is how the unix group is defined : > > > > dn: cn=cdti,ou=Group,BASEDN > > objectClass: posixGroup > > objectClass: top > > cn: cdti > > userPassword: {crypt}x > > gidNumber: 666 > > > > Here is how the samba group is defined : > > > > dn: cn=CDTI,ou=Groups,BASEDN > > objectClass: top > > objectClass: posixGroup > > objectClass: sambaGroupMapping > > cn: CDTI > > description:: > > Q2VudHJlIGTDqXBhcnRlbWVudGFsIGRlIHRyYWl0ZW1lbnQgZGUgbCdpbmZvcm > > 1hdGlvbg== sambaGroupType: 2 > > memberUid: david > > gidNumber: 666 > > sambaSID: S-1-5-21-215069222-2822928016-2390355089-666 > > > > And here is what the user's definition : > > > > dn: uid=david,ou=SambaUsers,BASEDN > > objectClass: top > > objectClass: person > > objectClass: organizationalPerson > > objectClass: inetOrgPerson > > objectClass: posixAccount > > objectClass: shadowAccount > > objectClass: sambaSamAccount > > cn: david > > sn: david > > givenName: david > > uid: david > > uidNumber: 1016 > > homeDirectory: /smbhome/users/david/samba > > loginShell: /bin/bash > > gecos: System User > > sambaLogonTime: 0 > > sambaLogoffTime: 2147483647 > > sambaKickoffTime: 2147483647 > > sambaPwdCanChange: 0 > > sambaPwdMustChange: 2147483647 > > displayName: david > > sambaLogonScript: logon.bat > > sambaProfilePath: \\DOMAIN_SERVER\profiles\david > > sambaHomePath: \\DOMAIN_SERVER\david > > sambaHomeDrive: P: > > sambaLMPassword: PLOP > > sambaNTPassword: PLOP > > sambaPasswordHistory: > > 000000000000000000000000000000000000000000000000000000 0000000000 > > sambaPwdLastSet: 1228486572 > > userPassword: {SSHA}PLOP > > sambaAcctFlags: [U ] > > sambaSID: S-1-5-21-215069222-2822928016-2390355089-1016 > > gidNumber: 666 > > sambaPrimaryGroupSID: S-1-5-21-215069222-2822928016-2390355089-666 > > > > > > Of course, I've obfuscated what I found that has not point with my > > problem ! > > > > I think that the problem comes from the groups, both the unix one > > and the samba one, but I don't know how to fix it. > > If anyone could tell me what I could to to correct this, that would > > be great ! I hope I've given enough informations, but if you think > > I should give more, fell free to ask. I'd really like to get rid of > > this anoying message. Thanks in advance ! > > UP ! Noone to help me with that ? First things first: Read the f... manual
- you should not have 2 groups with the same gidNumber - sambaLMPassword & sambaNTPassword do not hold the password in ascii, both must contain password hashes Go back, and take some time to read the docs -- Gruss Harry Jede -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba