Check the default group (and any others, for that matter) associated with the users that cannot log on. If Samba sees a group with a SID not from its own domain, it will detect a clash and fail the logon.
Mind you, this is an issue in your database that is causing new users in *your* domain to be associated with group SIDs likely from the "legacy" domain from which your database originated. You must purge from your database all references to SIDs from that old domain, or variations of this issue may recur.

Best of luck in solving the issue.

Warm regards,
David

On Dec 21, 2009 5:39 AM, "Leonardo Carneiro" <[email protected]> wrote:

Hi guys. I'm still stuck with that user that can't log on. This is what I got with some commands:

fileserver:~# net groupmap list
Domain Admins (S-1-5-21-874179082-3571801642-3889913597-512) -> Domain Admins
Domain Users (S-1-5-21-874179082-3571801642-3889913597-513) -> Domain Users
Domain Guests (S-1-5-21-874179082-3571801642-3889913597-514) -> Domain Guests
Domain Computers (S-1-5-21-874179082-3571801642-3889913597-515) -> Domain Computers
Administrators (S-1-5-32-544) -> Administrators
Account Operators (S-1-5-32-548) -> Account Operators
Print Operators (S-1-5-32-550) -> Print Operators
Backup Operators (S-1-5-32-551) -> Backup Operators
Replicators (S-1-5-32-552) -> Replicators
admfin (S-1-5-21-874179082-3571801642-3889913597-3001) -> admfin
industrial (S-1-5-21-874179082-3571801642-3889913597-3003) -> industrial
qualidade (S-1-5-21-874179082-3571801642-3889913597-3019) -> qualidade
todos (S-1-5-21-874179082-3571801642-3889913597-3023) -> todos
infra (S-1-5-21-874179082-3571801642-3889913597-47827) -> infra
diretoria (S-1-5-21-874179082-3571801642-3889913597-17759) -> diretoria
comercial (S-1-5-21-874179082-3571801642-3889913597-90607) -> comercial
instalacao (S-1-5-21-874179082-3571801642-3889913597-111769) -> instalacao
atendimento (S-1-5-21-874179082-3571801642-3889913597-68367) -> atendimento
veltrac (S-1-5-21-874179082-3571801642-3889913597-3031) -> software
hardware (S-1-5-21-874179082-3571801642-3889913597-3021) -> hardware
mapas (S-1-5-21-874179082-3571801642-3889913597-120591) -> mapas
importacao (S-1-5-21-874179082-3571801642-3889913597-130555) -> importacao

fileserver:~# net getlocalsid
SID for domain DOMINIO is: S-1-5-21-874179082-3571801642-3889913597

fileserver:~# net getdomainsid
SID for local machine DOMINIO is: S-1-5-21-874179082-3571801642-3889913597
SID for domain DOMINIO is: S-1-5-21-874179082-3571801642-3889913597

Apparently, the domain SID matches most of the group SIDs. Can you guys see something wrong here?

*Leonardo de Souza Carneiro*
*Veltrac - Tecnologia em Logística.*
[email protected] <mailt...

Leonardo Carneiro wrote:
>
> The database from LDAP was a copy from another domain, that existed in another network. i've do...
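
The comparison done by eye in this thread (each SID from `net groupmap list` against the domain SID from `net getlocalsid`) can be scripted. The following is an added example, not code from either poster or from Samba; the function names and the "legado" entry with its SID are constructed for illustration.

```python
import re

# Matches one line of `net groupmap list` output: "name (SID) -> unix group"
LINE_RE = re.compile(r"^(?P<nt>.+?) \((?P<sid>S-1-[0-9-]+)\) -> (?P<unix>.+)$")
BUILTIN_PREFIX = "S-1-5-32-"  # well-known BUILTIN aliases, same on every host


def parse_groupmap(text):
    """Return (nt_name, sid, unix_group) tuples from `net groupmap list` output."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m["nt"], m["sid"], m["unix"]))
    return entries


def foreign_groups(text, domain_sid):
    """Return entries whose SID is neither BUILTIN nor domain_sid + '-<RID>'."""
    bad = []
    for nt, sid, unix in parse_groupmap(text):
        if sid.startswith(BUILTIN_PREFIX):
            continue
        # Split off the trailing RID; what remains must equal the domain SID.
        prefix, _, rid = sid.rpartition("-")
        if prefix != domain_sid or not rid.isdigit():
            bad.append((nt, sid, unix))
    return bad


# Domain SID as reported by `net getlocalsid` in the thread.
DOMAIN_SID = "S-1-5-21-874179082-3571801642-3889913597"

# Constructed sample: three lines from the thread plus one made-up entry
# ("legado") carrying a SID from a different, hypothetical domain.
SAMPLE = """\
Domain Users (S-1-5-21-874179082-3571801642-3889913597-513) -> Domain Users
Administrators (S-1-5-32-544) -> Administrators
veltrac (S-1-5-21-874179082-3571801642-3889913597-3031) -> software
legado (S-1-5-21-1111111111-2222222222-3333333333-513) -> legado
"""

if __name__ == "__main__":
    for nt, sid, unix in foreign_groups(SAMPLE, DOMAIN_SID):
        print(f"foreign SID: {nt} {sid} -> {unix}")
```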
