Hi guys.
I'm still stuck with that user that can't logon. This is what i got with
some commands:
fileserver:~# net groupmap list
Domain Admins (S-1-5-21-874179082-3571801642-3889913597-512) ->
Domain Admins
Domain Users (S-1-5-21-874179082-3571801642-3889913597-513) ->
Domain Users
Domain Guests (S-1-5-21-874179082-3571801642-3889913597-514) ->
Domain Guests
Domain Computers (S-1-5-21-874179082-3571801642-3889913597-515) ->
Domain Computers
Administrators (S-1-5-32-544) -> Administrators
Account Operators (S-1-5-32-548) -> Account Operators
Print Operators (S-1-5-32-550) -> Print Operators
Backup Operators (S-1-5-32-551) -> Backup Operators
Replicators (S-1-5-32-552) -> Replicators
admfin (S-1-5-21-874179082-3571801642-3889913597-3001) -> admfin
industrial (S-1-5-21-874179082-3571801642-3889913597-3003) -> industrial
qualidade (S-1-5-21-874179082-3571801642-3889913597-3019) -> qualidade
todos (S-1-5-21-874179082-3571801642-3889913597-3023) -> todos
infra (S-1-5-21-874179082-3571801642-3889913597-47827) -> infra
diretoria (S-1-5-21-874179082-3571801642-3889913597-17759) -> diretoria
comercial (S-1-5-21-874179082-3571801642-3889913597-90607) -> comercial
instalacao (S-1-5-21-874179082-3571801642-3889913597-111769) ->
instalacao
atendimento (S-1-5-21-874179082-3571801642-3889913597-68367) ->
atendimento
veltrac (S-1-5-21-874179082-3571801642-3889913597-3031) -> software
hardware (S-1-5-21-874179082-3571801642-3889913597-3021) -> hardware
mapas (S-1-5-21-874179082-3571801642-3889913597-120591) -> mapas
importacao (S-1-5-21-874179082-3571801642-3889913597-130555) ->
importacao
fileserver:~# net getlocalsid
SID for domain DOMINIO is: S-1-5-21-874179082-3571801642-3889913597
fileserver:~# net getdomainsid
SID for local machine DOMINIO is:
S-1-5-21-874179082-3571801642-3889913597
SID for domain DOMINIO is: S-1-5-21-874179082-3571801642-3889913597
Apparently, the domain sid matchs with most part of the groups sid. can
you guys see something wrong here?
*Leonardo de Souza Carneiro*
*Veltrac - Tecnologia em Logística.*
[email protected] <mailto:[email protected]>
http://www.veltrac.com.br <http://www.veltrac.com.br/>
/Fone Com.: (43)2105-5601/
/Av. Higienópolis 1601 Ed. Eurocenter Sl. 803/
/Londrina- PR/
/Cep: 86015-010/
Leonardo Carneiro escreveu:
The database from ldap was a copy from another domain, that existed in
another network. i've done a slapcat in the old domain and did a
slapadd in this new one (both domain have the same name). But this
happened about 2 years ago. After a samba and ldap upgrade via
apt-get, the duplicated domains message start to pop (abouth 3 months
ago). Just now i've solved, but now, this =S.
I'll try some of the stuff you guys sugested me.
tks and sorry for my poor english.
*Leonardo de Souza Carneiro*
*Veltrac - Tecnologia em Logística.*
[email protected] <mailto:[email protected]>
http://www.veltrac.com.br <http://www.veltrac.com.br/>
/Fone Com.: (43)2105-5601/
/Av. Higienópolis 1601 Ed. Eurocenter Sl. 803/
/Londrina- PR/
/Cep: 86015-010/
David Whitney escreveu:
Unless I've blown my memory on Windows internals, each user's SID is
comprised of the domain's SID, then a "self-refential" RID portion. That
means a user from the domain DOMINIOS should NOT have what amounts to a
"prefix" that looks as though it came from a different domain. But
unless
I'm mistaken, your logs are telling you exactly that - the domain
portion of
the group and user SID's indicate different domains, and that
indicates a
problem.
One theory is that perhaps your domain was created, groups and users
were
created, but then for some reason your domain SID changed, and
perhaps that
led to your described duplicate domain entry (?) problem.
Anyway, I'd take a look at the SIDS of other users and groups and see if
this problem exists for other users or groups on your domain.
-David
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
