On Mon, Jan 28, 2013 at 3:38 AM, Fabrizio Monti <thefanta...@gmail.com> wrote: > Hi Nico Kadel-Garcia, > thanks for reply. Path for smbldap is correct. Other log file have
Then you have a manually built and installed smbldap-tools, and you should probably replace it with the one from Red Hat or your Red Hat rebuild provider. For consistence and compatibility with your RPM supplied Samba, I urge you to use the distribution provided smbldap-tools package and move aside the hand-built versions you have in /usr/local/bin. While this won't necessarily solve your problem, it gives all of us a consistent reference as to what tools and versions of tools you're using. It's also why I spend so much time RPM bundling software, so both people I support and I are using the same package from the same, clean build environment. Nico Kadel-Garcia <nka...@gmail.com> > 2013/01/25 17:20:13.974204, 1] auth/server_info.c:386(samu_to_SamInfo3) > The primary group domain > sid(S-1-5-21-3564791867-1010203101-2143723903-513) does not match the > domain sid(S-1-5-21-2427793829-1009842549-3523806979) for > Manager(S-1-5-21-2427793829-1009842549-3523806979-500) > [2013/01/25 17:20:13.974250, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 > [2013/01/25 17:20:13.974286, 0] auth/check_samsec.c:491(check_sam_security) > check_sam_security: make_server_info_sam() failed with > 'NT_STATUS_UNSUCCESSFUL' > [2013/01/25 17:20:13.974506, 3] > auth/auth_winbind.c:60(check_winbind_security) > check_winbind_security: Not using winbind, requested domain [gis] > was for this SAM. > [2013/01/25 17:20:13.974542, 2] auth/auth.c:319(check_ntlm_password) > check_ntlm_password: Authentication for user [Manager] -> [Manager] > FAILED with error NT_STATUS_UNSUCCESSFUL > [2013/01/25 17:20:13.974610, 3] smbd/error.c:81(error_packet_set) > error packet at smbd/sesssetup.c(124) cmd=115 (SMBsesssetupX) > NT_STATUS_UNSUCCESSFUL > [2013/01/25 17:20:24.885770, 1] smbd/process.c:457(receive_smb_talloc) > receive_smb_raw_talloc failed for client 192.0.200.149 read error = > NT_STATUS_CONNECTION_RESET. > [2013/01/25 17:20:24.885923, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 > [2013/01/25 17:20:24.886102, 3] smbd/server_exit.c:181(exit_server_common) > Server exit (failed to receive smb request) > > > Then the problem is sid, samba-3.3 probabily do not check sid. Ldap is > workin so it is possible disable sid check in samba-3.6? > > Fabrizio. > > Well, for one thing, if you updated to samba3x your binaries for >> >> things like "smbldap-usermod" are all going to be in /usr/bin, not >> /usr/local/bin. > > path is correct, files smbldap are in /usr/local/bin. > >> >> Did you have an old hand-built Samba lying around? If >> you did, you need to clear it. > > > > > > > > > >> >> >> > Jan 24 17:53:03 VmPDC smbd[15115]: [2013/01/24 17:53:03.371837, 0] >> > auth/check_samsec.c:491(check_sam_security) >> > Jan 24 17:53:03 VmPDC smbd[15115]: check_sam_security: >> > make_server_info_sam() failed with 'NT_STATUS_UNSUCCESSFUL' >> > Jan 24 17:53:04 VmPDC smbd[15115]: [2013/01/24 17:53:04.413597, 0] >> > auth/check_samsec.c:491(check_sam_security) >> > Jan 24 17:53:04 VmPDC smbd[15115]: check_sam_security: >> > make_server_info_sam() failed with 'NT_STATUS_UNSUCCESSFUL' >> > >> > This configuration of samba >> > >> > [root@VmPDC ~]# testparm >> > Load smb config files from /etc/samba/smb.conf >> > Processing section "[netlogon]" >> > Processing section "[profiles]" >> > Loaded services file OK. >> > Server role: ROLE_DOMAIN_PDC >> > Press enter to see a dump of your service definitions >> > >> > [global] >> > workgroup = GIS >> > passdb backend = ldapsam:ldap://192.0.200.2/ >> > log file = /var/log/samba/log.%U >> > time server = Yes >> > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 >> > SO_KEEPALIVE >> > add user script = /usr/local/bin/smbldap-useradd -a -m -P "%u" >> > delete user script = /usr/local/bin/smbldap-userdel -r "%u" >> > add group script = /usr/local/bin/smbldap-groupadd -p "%g" >> > delete group script = /usr/local/bin/smbldap-groupdel "%g" >> > add user to group script = /usr/local/bin/smbldap-groupmod -m "%u" >> > "%g" >> > delete user from group script = /usr/local/bin/smbldap-groupmod -x >> > "%u" "%g" >> > set primary group script = /usr/local/bin/smbldap-usermod -g "%g" >> > "%u" >> > add machine script = /usr/local/bin/smbldap-useradd -w "%u" >> > logon path = >> > logon home = >> > domain logons = Yes >> > os level = 33 >> > preferred master = Auto >> > domain master = Yes >> > ldap admin dn = cn=Manager,dc=sigesgroup,dc=intra >> > ldap delete dn = Yes >> > ldap group suffix = ou=group >> > ldap machine suffix = ou=machines >> > ldap passwd sync = yes >> > ldap suffix = dc=sigesgroup,dc=intra >> > ldap ssl = no >> > ldap user suffix = ou=People >> > idmap config * :range = 5000 - 50000 >> > ldapsam:editposix = yes >> > ldapsam:trusted = yes >> > idmap config * : backend = ldap:ldap://192.0.200.2/ >> > >> > [netlogon] >> > comment = Network Logon Service >> > path = /home/netlogon >> > guest ok = Yes >> > >> > [profiles] >> > path = /home/profiles >> > read only = No >> > create mask = 0600 >> > directory mask = 0700 >> > >> > why is not it working? >> > -- >> > To unsubscribe from this list go to the following URL and read the >> > instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba