[Samba] Incorrect domain SID when creating new users
Hi,

I created a new user on our Samba domain master yesterday but the user was unable to login from WinXP to the domain. I think they got an error that a device connected to the system wasn't working. The user was created using smbldap-useradd. The logs showed this for the user workstation:

  _netr_LogonSamLogon: user FOO\efields has user sid S-1-5-21-908662176-1457135431-1537874043-3288 but group sid S-1-5-21-1979685110-1467996072-351907979-513. The conflicting domain portions are not supported for NETLOGON calls

I used the phpadmin interface to change the domain part of the SID so it matched the domain and the user was able to login.

The question is where do I set the domain SID? I remember doing it at some stage when I set up the samba domain but I have forgotten. Can someone point me in the right direction?

Sorry for the lazy post, I'm sure if I did some more digging I'd find it documented somewhere.

Thanks in advance,
Dermot.

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Incorrect domain SID when creating new users
> I created a new user on our Samba domain master yesterday but the user was unable to login from WinXP to the domain. I think they got an error that a device connected to the system wasn't working. The user was created using smbldap-useradd.
> (...)
> The question is where do I set the domain SID? I remember doing it at some stage when I set-up the samba domain but I have forgotten.

The SID number is configured in /etc/smbldap-tools/smbldap.conf

smbldap-tools comes with a script to assist in the basic configuration of the tools. It's called configure.pl in most versions but the name was recently changed to smbldap-config.pl

At least in RedHat-alike distros, the script resides in /usr/share/doc/smbldap-tools-x.x.x, where x.x.x is your particular version. Current version is 0.9.7-1.
Re: [Samba] Incorrect domain SID when creating new users
On 8 February 2012 10:18, Miguel Medalha miguelmeda...@sapo.pt wrote:
> (...)
>> The question is where do I set the domain SID? I remember doing it at some stage when I set-up the samba domain but I have forgotten.
>
> The SID number is configured in /etc/smbldap-tools/smbldap.conf
>
> smbldap-tools comes with a script to assist in the basic configuration of the tools. It's called configure.pl in most versions but the name was recently changed to smbldap-config.pl

Thanks for the reply.

I can't recall running configure.pl. Before I cause myself any harm, I thought I should check with the list. The smbldap.conf says to run `net getlocalsid` to obtain the SID for the config. When I do that I get a different SID from what I was expecting. I would have expected the domain part of the local machine SID to match the domain's SID but they do not (see below) and I would have expected the local machine SID to match what is in the smbldap.conf.

net getdomainsid
SID for local machine PDC is: S-1-5-21-597566789-4152996160-2957772391
SID for domain FOO is: S-1-5-21-1979685110-1467996072-351907979

grep SID /etc/smbldap-tools/smbldap.conf
#SID=S-1-5-21-2252255531-4061614174-2474224977
SID=S-1-5-21-900663976-1457140431-1537874043

When I create a new user, the user gets a primary group SID that looks like S-1-5-21-1979685110-1467996072-351907979-513 and a SambaSID that reads: S-1-5-21-900663976-1457140431-1537874043-3290

So I need to change the way the domain part of the primary group SID is defined and possibly edit the smbldap.conf so that the SID uses the domain SID. Does that sound correct? If so, how can I modify the primary group SID?

Thanks again,
Dermot.
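
The check below is an added example, not part of the mailing-list thread: it parses ldapsearch-style LDIF and reports accounts whose sambaSID or sambaPrimaryGroupSID carries a domain portion different from the domain SID, the condition the _netr_LogonSamLogon log line complains about. The LDIF entries, DNs and helper names are constructed for illustration (the SID values are those quoted in the thread), and folded or base64-encoded LDIF lines are not handled.

```python
import re

# Constructed LDIF sample in ldapsearch style; SID values are those quoted in the thread.
SAMPLE_LDIF = """\
dn: uid=efields,ou=Users,dc=example,dc=org
sambaSID: S-1-5-21-900663976-1457140431-1537874043-3290
sambaPrimaryGroupSID: S-1-5-21-1979685110-1467996072-351907979-513

dn: uid=okuser,ou=Users,dc=example,dc=org
sambaSID: S-1-5-21-1979685110-1467996072-351907979-3100
sambaPrimaryGroupSID: S-1-5-21-1979685110-1467996072-351907979-513
"""

# "SID for domain FOO" as printed by `net getdomainsid` in the thread.
DOMAIN_SID = "S-1-5-21-1979685110-1467996072-351907979"

# Domain account SID: three 32-bit sub-authorities for the domain, then the RID.
SID_RE = re.compile(r"^(S-1-5-21-\d+-\d+-\d+)-(\d+)$")

def split_sid(sid):
    """Return (domain_part, rid) for a domain account SID, or raise ValueError."""
    m = SID_RE.match(sid.strip())
    if not m:
        raise ValueError(f"not a domain account SID: {sid!r}")
    return m.group(1), int(m.group(2))

def parse_ldif(text):
    """Yield one attribute dict per blank-line-separated LDIF entry."""
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if sep:
                entry[key] = value
        yield entry

def find_mismatches(text, domain_sid):
    """List (dn, attribute, domain_part) for SIDs outside domain_sid."""
    bad = []
    for entry in parse_ldif(text):
        for attr in ("sambaSID", "sambaPrimaryGroupSID"):
            if attr in entry:
                domain_part, _rid = split_sid(entry[attr])
                if domain_part != domain_sid:
                    bad.append((entry["dn"], attr, domain_part))
    return bad

if __name__ == "__main__":
    for dn, attr, dom in find_mismatches(SAMPLE_LDIF, DOMAIN_SID):
        print(f"{dn}: {attr} has domain part {dom}, expected {DOMAIN_SID}")
```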