On Tue, 2005-03-22 at 00:12 +0100, Tony Earnshaw wrote:
> John Zakhar:
>
> > First email was rejected due to size so the log files are inline in the
> > msg now..
> >
> > I have NEVER had so much trouble with a
> > samba PDC before. I need to turn in my unix admin license, this is
> > pathetic...
>
> Hey wait a minute, we all get fits like that now and again. Have to admit
> that mine mostly come with Windows, I can always get Unix/Linux to work ;)
>
> This could take some time, I live in Europe, it's near my bedtime, I'm
> licked for today and I need sleep. What's more, I'm a modem person at home
> and am only connected a couple of times a day.
>
> Anyway: I have a 75+ PDC running "at work", with Samba 3.0.11 and OpenLDAP
> 2.2.23. on RHAS3, so ...
>
> > Anyway, I am here. When trying to join a domain with the administrator
> > account I get "no mapping between account name and security ID's was done"
> > And the joining fails...
> >
> >
> > All the needed files are attached, from the ldap log. to the samba.conf
> > to the ldifs of the machine, root and admin account. Trying with the root
> > account nets me the same error
>
> There's too much shit there. You're getting hung up in the details. And I
> didn't see any LDAP log, even if I had, it probably would have been
> useless. You need to do a 'tail -f' on it (-d 256) while things are
> happening to get any sense from it.
>
> Your local SIDs are all messed up for a start. You have:
>
> S-1-5-21-1391849139-953726148-1374988380
> and
> S-1-5-21-3107161993-1039155829-3332455197
>
> all mixed up together.

----
yeah - this is a problem for sure
----

>
> And the following SIDs can surely not be right:
>
> Administrators (S-1-5-32-544) -> Administrators
> Print Operators (S-1-5-32-550) -> Print Operators
> Backup Operators (S-1-5-32-551) -> Backup Operators
> Replicators (S-1-5-32-552) -> Replicators

----
actually - these are considered to be 'local groups' and not domain
groups so these would be correct
----

>
> Get all that sorted out before you go on.
>
> Your smb.conf looks more or less o.k. (didn't dwell on it)
>
> You're using the Idealx crap without understanding LDAP or what you're
> doing. Use GQ 1.0beta1 for managing your Your mappings are all wrong. Look
> at the alternative Appendix A method of using LDAP in Samba in the Samba
> HOWTO. Here are my mappings up to now at my production site (sorry about
> the wrapping, I decided to use SquirrelMail for this mail and it always
> breaks at 76 chars):
>
> Domain Admins (S-1-5-21-2520587299-2798274336-2978297563-512) -> domadmin
> Domain Guests (S-1-5-21-2520587299-2798274336-2978297563-514) -> domguest
> Domain Users (S-1-5-21-2520587299-2798274336-2978297563-513) -> domuser
> Leden van Personeel (S-1-5-21-2520587299-2798274336-2978297563-8001) ->
> personeel
> Leden van Docenten (S-1-5-21-2520587299-2798274336-2978297563-1001) ->
> docenten
> Leden van Leerlingen (S-1-5-21-2520587299-2798274336-2978297563-2001) ->
> leerlingen
> Leden van Directie (S-1-5-21-2520587299-2798274336-2978297563-10001) ->
> directie
> Administratie (S-1-5-21-2520587299-2798274336-2978297563-15007) ->
> administratie
>
> Never mind that you don't know what the Dutch words mean. See that I map
> from NT IDs to Unix IDs where the Unix IDs are Posix IDs? See that the
> domain SIDs are all the same?
>
> The secrets are in Appendix A of the Samba HOWTO and in getting things
> working with GQ.
>
> Get those right, and I'll see if I can come back tomorrow ;)

----
there was too much to sift through in the first post
Craig
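An added example, not part of this thread or of Samba: a check for the two points made above, that all domain group mappings should carry one domain SID and that the S-1-5-32 local groups are exempt. It assumes the mappings are available one per unwrapped line in the `NT group (SID) -> Unix group` form quoted in the message; the function names and the MIXED sample are constructed for illustration.

```python
import re
from collections import defaultdict

# One mapping per line: "NT group (SID) -> Unix group", the form quoted above
# (assumed to be unwrapped, e.g. as printed by `net groupmap list`).
LINE_RE = re.compile(r"^(?P<nt>.+?) \((?P<sid>S-1-[\d-]+)\) -> (?P<unix>.+)$")
BUILTIN = "S-1-5-32"  # local (builtin) groups carry no domain SID

def parse_groupmap(text):
    """Yield (nt_name, domain_sid, rid, unix_group) for each mapping line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or wrapped lines
        domain_sid, _, rid = m["sid"].rpartition("-")
        yield m["nt"], domain_sid, int(rid), m["unix"]

def check_domain_sids(text):
    """Return {domain_sid: [nt_name, ...]} with builtin groups left out."""
    by_domain = defaultdict(list)
    for nt, domain_sid, _rid, _unix in parse_groupmap(text):
        if domain_sid != BUILTIN:
            by_domain[domain_sid].append(nt)
    return dict(by_domain)

def is_consistent(text):
    """True when every domain group mapping uses the same domain SID."""
    return len(check_domain_sids(text)) <= 1

# Constructed sample: the two domain SIDs named in the thread, with
# well-known RIDs appended, plus one builtin group.
MIXED = """\
Domain Admins (S-1-5-21-1391849139-953726148-1374988380-512) -> domadmin
Domain Users (S-1-5-21-3107161993-1039155829-3332455197-513) -> domuser
Administrators (S-1-5-32-544) -> Administrators
"""
# Three of the mappings quoted in the thread; they share one domain SID.
CLEAN = """\
Domain Admins (S-1-5-21-2520587299-2798274336-2978297563-512) -> domadmin
Domain Guests (S-1-5-21-2520587299-2798274336-2978297563-514) -> domguest
Domain Users (S-1-5-21-2520587299-2798274336-2978297563-513) -> domuser
"""

if __name__ == "__main__":
    for label, sample in (("mixed", MIXED), ("clean", CLEAN)):
        groups = check_domain_sids(sample)
        print(label, "OK" if len(groups) <= 1 else "MISMATCH")
        for sid, names in groups.items():
            print("  ", sid, names)
```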
