Finally I was able to browse my [bart] home share from Windows. But trying to change anything in the files resulted in an error, and in the samba log appeared:

---
[2003/11/13 12:05:10, 5] rpc_parse/parse_prs.c:prs_uint32s(861)
  0064 sub_auths : 00000015 03f528bd 261676f7 45c6efd9 00000201
[2003/11/13 12:05:10, 3] smbd/error.c:error_packet(113)
  error packet at smbd/nttrans.c(1707) cmd=160 (SMBnttrans) NT_STATUS_ACCESS_DENIED
[2003/11/13 12:05:10, 5] lib/util.c:show_msg(456)
---

Other shares, both on an ACL-enabled and a non-ACL filesystem, give the same error.

So I decided to try to change the ldap data concerning uid and gid for user bart in ldap, since I figured that during my desperate (and therefore not always by causal explanation) search for a solution I messed something up there. I removed user bart from ldap, and added it again with smbldap-useradd.pl -a bart. In the ldap entries is now the following information: uidnumber = 1007 (equal to unix uid), SambaSID = domainSID + after the dash 3014, gidnumber = 513 (equal to unix gid), SambaPrimaryGroupSID = domainSID + after the dash 2027.

If I look from Windows now, the owner of a share (that is bart in unix) is \\linux\sys (linux being the samba server hostname); it used to say \\linux\bart when my sambaSID was the domain SID + 1007 after the dash. My home share with name bart disappeared, and the homes share is not accessible.

From the samba log I caught this:

---
  NT user token: (NULL)
[2003/11/13 13:57:28, 5] auth/auth_util.c:debug_unix_user_token(505)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2003/11/13 13:57:28, 2] lib/smbldap.c:smbldap_search_suffix(1066)
  smbldap_search_suffix: searching for:[(&(sambaSID=S-1-5-21-66398397-639006455-1170665433-501)(objectclass=sambaSamAccount))]
[2003/11/13 13:57:28, 4] passdb/pdb_ldap.c:ldapsam_getsampwsid(1099)
  ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-66398397-639006455-1170665433-501] count=0
---

and

---
[2003/11/13 13:57:28, 5] auth/auth_util.c:debug_nt_user_token(491)
  NT user token of user S-1-5-21-66398397-639006455-1170665433-501
  contains 7 SIDs
  SID[  0]: S-1-5-21-66398397-639006455-1170665433-501
  SID[  1]: S-1-5-21-66398397-639006455-1170665433-514
  SID[  2]: S-1-1-0
  SID[  3]: S-1-5-2
  SID[  4]: S-1-5-32-546
  SID[  5]: S-1-5-21-66398397-639006455-1170665433-132067
  SID[  6]: S-1-5-21-66398397-639006455-1170665433-132069
[2003/11/13 13:57:28, 5] auth/auth_util.c:debug_unix_user_token(505)
  UNIX token of user 65534
  Primary group is 65533 and contains 3 supplementary groups
  Group[  0]: 65533
  Group[  1]: 65533
  Group[  2]: 65534
---

I have no uid 501 anywhere specified.

I have the feeling that I am lost somewhere between LDAP authentication (this works, but not when I use SIDs as proposed by Andrew Bartlett - see below and above) and unix authentication (even when LDAP authenticates my user, I cannot change anything in the share, just read access).

Where can I find information about how to populate the LDAP directory? Or an example of a working configuration?

Bart.

On Thu, 2003-11-13 at 01:16, Andrew Bartlett wrote:
> On Thu, 2003-11-13 at 03:11, Carl Weiss wrote:
> > Ok if all your users have the same SID xxx-3000 they are not incrementing
> > correctly in the add user script.  I had this same problem when I wasn't
> > correctly authenticating to the LDAP server I was in fact using the
> > /etc/passwd file, and then using the same test user accounts that I had on
> > the box, i.e. cweiss in ldap and cweiss in /etc/passwd.
> >
> > To further test change all your SIDs manually with a graphical editor like
> > GQ.  I'm guessing you don't have too many because it's a test install.  Also
> > make sure to change the SIDs of any computers you added.
> >
> > When I initially found this problem I created a new function in the adduser
> > script to find the highest UID and increment by one.  The user sid is
> > calculated by UID+RID*2
>
> UID*2 + 1000
>
> GID*2 + 1001
>
> is the traditional algorithm.  Use it if possible.
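
The mapping quoted above (UID*2 + 1000, GID*2 + 1001), applied in reverse to the SIDs of the NT user token dump in this message. This is an added example, not code from the thread or from Samba; the helper names are hypothetical, and the well-known RID and SID names are the standard Windows values.

```python
import re

# Standard Windows well-known RIDs and SIDs; never derived from a uid/gid.
WELL_KNOWN_RIDS = {500: "Administrator", 501: "Guest", 512: "Domain Admins",
                   513: "Domain Users", 514: "Domain Guests"}
WELL_KNOWN_SIDS = {"S-1-1-0": "Everyone", "S-1-5-2": "Network",
                   "S-1-5-32-546": "BUILTIN\\Guests"}
DOMAIN_SID = "S-1-5-21-66398397-639006455-1170665433"  # taken from the log above

def uid_to_rid(uid):
    return uid * 2 + 1000   # user RIDs are always even

def gid_to_rid(gid):
    return gid * 2 + 1001   # group RIDs are always odd

def classify(sid, domain_sid=DOMAIN_SID):
    """Return (kind, value) for one SID from a debug_nt_user_token dump."""
    if sid in WELL_KNOWN_SIDS:
        return ("well-known", WELL_KNOWN_SIDS[sid])
    prefix, _, rid_text = sid.rpartition("-")
    if prefix != domain_sid or not rid_text.isdigit():
        return ("foreign", sid)
    rid = int(rid_text)
    if rid in WELL_KNOWN_RIDS:
        return ("well-known", WELL_KNOWN_RIDS[rid])
    if rid < 1000:
        return ("reserved", rid)      # below the algorithmic base, no uid/gid
    if rid % 2 == 0:
        return ("uid", (rid - 1000) // 2)
    return ("gid", (rid - 1001) // 2)

def parse_token(log_text):
    """Classify every 'SID[ n]: S-...' entry found in a smbd log excerpt."""
    sids = re.findall(r"SID\[\s*\d+\]:\s*(S-[\d-]+)", log_text)
    return [classify(s) for s in sids]

# Token dump copied from the message above.
LOG = """NT user token of user S-1-5-21-66398397-639006455-1170665433-501
contains 7 SIDs
SID[  0]: S-1-5-21-66398397-639006455-1170665433-501
SID[  1]: S-1-5-21-66398397-639006455-1170665433-514
SID[  2]: S-1-1-0
SID[  3]: S-1-5-2
SID[  4]: S-1-5-32-546
SID[  5]: S-1-5-21-66398397-639006455-1170665433-132067
SID[  6]: S-1-5-21-66398397-639006455-1170665433-132069"""

if __name__ == "__main__":
    for kind, value in parse_token(LOG):
        print(kind, value)
```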