Hi all,

To the above problem I would like to add: the domain is msdpl.com and the server NetBIOS name is medhapdc.

When I type

    # net getlocalsid

I get

    SID for domain MEDHAPDC is: S-1-5-21-3963901886-956592875-555457773

The above SID is the SID which is stored in the /etc/smbldap-tools/smbldap.conf file, whereas if I type

    # net getlocalsid msdpl.com
    SID for domain msdpl.com is: S-1-5-21-826493912-338369434-3047185250

Why are both different? I am unable to understand. We did not do anything, but suddenly this happened. All my desktops are losing the trust relationship. Please help me.

Regards
ashok

On 2/16/07, ashok cvs <[EMAIL PROTECTED]> wrote:
Hi all,

We have Samba 3.0.21c with an OpenLDAP backend as PDC and also 4 BDCs. Suddenly on the PDC we are getting these error messages in /var/log/messages. I am unable to register any system to the domain, neither able to log on to the domain.

######################################################################
Feb 15 11:14:32 msdpl smbd[18212]: [2007/02/15 11:14:32, 0] lib/util_sock.c:send_smb(765)
Feb 15 11:14:32 msdpl smbd[18212]: Error writing 5 bytes to client. -1. (Connection reset by peer)
Feb 15 11:14:34 msdpl smbd[18217]: [2007/02/15 11:14:34, 0] passdb/pdb_ldap.c:ldapuser2displayentry(4006)
Feb 15 11:14:34 msdpl smbd[18217]: sid S-1-5-21-3963901886-956592875-555457773-500 does not belong to our domain
Feb 15 11:14:34 msdpl smbd[18217]: [2007/02/15 11:14:34, 0] passdb/pdb_ldap.c:ldapuser2displayentry(4006)
Feb 15 11:14:34 msdpl smbd[18217]: sid S-1-5-21-3963901886-956592875-555457773-2998 does not belong to our domain
Feb 15 11:14:34 msdpl smbd[18217]: [2007/02/15 11:14:34, 0] passdb/pdb_ldap.c:ldapuser2displayentry(4006)
Feb 15 11:14:34 msdpl smbd[18217]: sid S-1-5-21-3963901886-956592875-555457773-3004 does not belong to our domain
Feb 15 11:14:34 msdpl smbd[18217]: [2007/02/15 11:14:34, 0] passdb/pdb_ldap.c:ldapuser2displayentry(4006)
Feb 15 11:14:34 msdpl smbd[18217]: sid S-1-5-21-3963901886-956592875-555457773-3006 does not belong to our domain
Feb 15 11:14:35 msdpl smbd[18217]: [2007/02/15 11:14:35, 0] passdb/pdb_ldap.c:ldapuser2displayentry(4006)
Feb 15 11:14:35 msdpl smbd[18217]: sid S-1-5-21-3963901886-956592875-555457773-3008 does not belong to our domain
Feb 15 11:14:35 msdpl smbd[18217]: [2007/02/15 11:14:35, 0] passdb/pdb_ldap.c:ldapuser2displayentry(4006)
Feb 15 11:14:35 msdpl smbd[18217]: sid S-1-5-21-3963901886-956592875-555457773-3010 does not belong to our domain
Feb 15 11:14:35 msdpl smbd[18217]: [2007/02/15 11:14:35, 0] passdb/pdb_ldap.c:ldapuser2displayentry(4006)
Feb 15 11:14:35 msdpl smbd[18217]: sid S-1-5-21-3963901886-956592875-555457773-3012 does not belong to our domain
Feb 15 11:14:35 msdpl smbd[18217]: [2007/02/15 11:14:35, 0] passdb/pdb_ldap.c:ldapuser2displayentry(4006)
Feb 15 11:14:35 msdpl smbd[18217]: sid S-1-5-21-3963901886-956592875-555457773-3014 does not belong to our domain
Feb 15 11:14:35 msdpl smbd[18217]: [2007/02/15 11:14:35, 0] passdb/pdb_ldap.c:ldapuser2displayentry(4006)
Feb 15 11:14:35 msdpl smbd[18217]: sid S-1-5-21-3963901886-956592875-555457773-3016 does not belong to our domain
######################################################################

When typing net rpc info it gives the following error:

rpc_client/cli_pipe.c:rpc_api_pipe(790)
  rpc_api_pipe: Remote machine MEDHAPDC pipe \samr fnum 0x7008returned critical error. Error was Call timed out: server did not respond after 10000 milliseconds
[2007/02/15 21:12:52, 0] libsmb/clientgen.c:cli_rpc_pipe_close(375)
  cli_rpc_pipe_close: cli_close failed on pipe \samr, fnum 0x7008 to machine MEDHAPDC. Error was Call timed out: server did not respond after 10000 milliseconds

This is the net rpc error, but when we type

    # net getlocalsid

it gives the SID S-1-5-21-3963901886-956592875-555457773

Actually my server's SID is the same as above. What does the above error mean?

Below is my smb.conf:

######################################################################
[global]
workgroup = msdpl.com
netbios name = medhapdc
passdb backend = ldapsam:ldap://msdpl.com
server string = Domain Controller
hosts allow = 192.168.128. 192.168.129. 192.168.130. 127.
security = user
encrypt passwords = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
interfaces = eth0,lo
printing = cups
disable spoolss = Yes
printcap name = cups
max print jobs = 100
enable privileges = yes
log level = 2
password level = 8
username level = 8
bind interfaces only = yes
local master = Yes
os level = 65
domain master = yes
preferred master = yes
remote browse sync = 192.168.130.3
null passwords = no
hide unreadable = yes
hide dot files = yes
domain logons = yes
logon script = %u.bat
logon path =
logon drive = X:
logon home =
wins support = yes
name resolve order = wins lmhosts host bcast
dns proxy = no
time server = yes
log file = /var/log/samba/%m.log
max log size = 50
nt acl support = yes
ldap passwd sync = yes
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
delete user script = /usr/local/sbin/smbldap-userdel "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%m"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u'
ldap delete dn = Yes
ldap ssl = no
ldap suffix = dc=msdpl,dc=com
ldap admin dn = cn=manager,dc=msdpl,dc=com
ldap group suffix = ou=Groups
ldap user suffix = ou=People
check password script = /usr/local/bin/crackcheck -s
map acl inherit = yes
winbind use default domain = yes
template shell = /bin/false

#########################[Share Definitions]##########################
[homes]
comment = Home Directories
valid users = %S, root
browseable = no
read only = no
nt acl support = Yes

# Un-comment the following and create the netlogon directory for Domain Logons
[netlogon]
comment = Network Logon Service
path = /netlogon/scripts
guest ok = yes
browseable = yes
write list = root, kr1233

#Profiles Share
[profiles]
comment = Profiles Share
path = /profiles/%U
read only = No
browseable = yes
writeable = yes
veto files = /lost+found/.Trash-root/*.sh/*.scr/.recycle/desktop.ini
######################################################################
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap
ldap timeout = 50
idmap backend = ldap:ldap://msdpl.com
idmap uid = 10000-20000
idmap gid = 10000-20000

Please help me

Regards
ashok
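
An added triage example, not part of the original post: it parses the "does not belong to our domain" lines quoted above, splits each SID into its domain part and RID, and reports which of the two SIDs printed by net getlocalsid the rejected accounts carry. The function names are hypothetical; the sample log lines and both SIDs are copied from the post.

```python
import re
from collections import defaultdict

# SIDs as printed by `net getlocalsid` in the post.
KNOWN_SIDS = {
    "MEDHAPDC": "S-1-5-21-3963901886-956592875-555457773",
    "msdpl.com": "S-1-5-21-826493912-338369434-3047185250",
}

# Sample lines copied from the /var/log/messages excerpt in the post.
SAMPLE_LOG = """\
Feb 15 11:14:32 msdpl smbd[18212]: Error writing 5 bytes to client. -1. (Connection reset by peer)
Feb 15 11:14:34 msdpl smbd[18217]: [2007/02/15 11:14:34, 0] passdb/pdb_ldap.c:ldapuser2displayentry(4006)
Feb 15 11:14:34 msdpl smbd[18217]: sid S-1-5-21-3963901886-956592875-555457773-500 does not belong to our domain
Feb 15 11:14:34 msdpl smbd[18217]: sid S-1-5-21-3963901886-956592875-555457773-2998 does not belong to our domain
Feb 15 11:14:35 msdpl smbd[18217]: sid S-1-5-21-3963901886-956592875-555457773-3016 does not belong to our domain
"""

# An account SID is the domain SID (S-1-5-21 plus three sub-authorities) followed by a RID.
REJECTED = re.compile(r"\bsid (S-1-5-21(?:-\d+){3})-(\d+) does not belong to our domain")

def rejected_by_domain(log_text):
    """Map domain SID -> sorted RIDs of the accounts smbd rejected."""
    found = defaultdict(set)
    for line in log_text.splitlines():
        m = REJECTED.search(line)
        if m:
            found[m.group(1)].add(int(m.group(2)))
    return {dom: sorted(rids) for dom, rids in found.items()}

def label(domain_sid, known=KNOWN_SIDS):
    """Name under which `net getlocalsid` reported this SID, or None."""
    for name, sid in known.items():
        if sid == domain_sid:
            return name
    return None

def report(log_text):
    """One (domain SID, label, RIDs) tuple per distinct domain part seen."""
    return [(dom, label(dom) or "unknown", rids)
            for dom, rids in sorted(rejected_by_domain(log_text).items())]

if __name__ == "__main__":
    for dom, name, rids in report(SAMPLE_LOG):
        print(f"{dom} ({name}): {len(rids)} rejected, RIDs {rids}")
```

On the lines quoted in the post, every rejected SID carries the MEDHAPDC domain part (the one stored in smbldap.conf) and none carries the SID reported for msdpl.com.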
