This is saying that your user and group have confilcting sids because
they should share the same base sid as everything else on the domain.
To fix this you need to go through your ldap database and make sure
that all sids have the same base.
This is very strange. I added this user using the
/etc/smbldap-tools/smbldap-useradd script. Which yielded a user SID of
S-1-5-21-3568796296-2565465778-716510536-3404 but group sid
S-1-5-21-1194936901-2368177035-684874509-513. If I check all my other
users they have a user sid such as;
S-1-5-21-1194936901-2368177035-684874509-XXXX
and a group sid such as;
S-1-5-21-1194936901-2368177035-684874509-XXXX
If I run the command: net getlocalsid on the PDC I get:
SID for domain ASTER is: S-1-5-21-3568796296-2565465778-716510536
Shouldn't the PDC SID match the user and group SIDs?
So I deleted the user account, went into the LDAP Account Manager tool
from a web browser, recreated the user, and now the user SID is correct:
S-1-5-21-1194936901-2368177035-684874509-3408
I then went back and tried to add a test user account using the
/etc/smbldap-tools/smbldap-useradd script, and I get the following error:
Could not find base dn, to get next uidNumber at
/etc/smbldap-tools//smbldap_tools.pm line 1046, <DATA> line 283.
I'm not sure whats going on, everything worked fine until I upgraded to
3.0.25.
*Jason Baker
*/IT Coordinator/
*Glastender Inc.*
5400 North Michigan Road
Saginaw, Michigan 48604 USA
800.748.0423
Phone: 989.752.4275 ext. 228
Fax: 989.752.4444
www.glastender.com <http://www.glastender.com>
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GIT$ d- s: a C++$ LU+++$ P+ L++>L++++ !E--- W+++ N o? K?
w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h---
r+++ y+++
------END GEEK CODE BLOCK------
John Drescher wrote:
On 7/16/07, Jason Baker <[EMAIL PROTECTED]> wrote:
I have a working Samba PDC, I can log in and out from a windows xp
workstation. I recently upgraded to 3.0.25b-33 and now, when I add a new
user, I get:
The system cannot log you on due to the following error:
A device attached to the system is not fuctioning
Please try again or consult your system administrator
I have network connectivity. I was able to join this machine to the
domain through windows xp. I can log on to the domain from this machine
with an existing user. All file and directory permissions are correct:
If I run the smbclient command I get:
session setup failed: NT_STATUS_NO_LOGON_SERVERS
I believe that means that samba could not find the PDC via name
resolution.
Samba is indeed running. If I run smbclient with an existing user I get:
I found this entry in the domain controllers samba log:
[2007/07/16 13:55:13, 5]
rpc_server/srv_netlog_nt.c:_net_sam_logon_internal(934)
_net_sam_logon: check_password returned status NT_STATUS_OK
[2007/07/16 13:55:13, 1]
rpc_server/srv_netlog_nt.c:_net_sam_logon_internal(1004)
_net_sam_logon: user GLASTENDERNET\jrolfe has user sid
S-1-5-21-3568796296-2565465778-716510536-3404
but group sid S-1-5-21-1194936901-2368177035-684874509-513.
The conflicting domain portions are not supported for NETLOGON
calls
<----------------------CUT---------------------->
This is saying that your user and group have confilcting sids because
they should share the same base sid as everything else on the domain.
To fix this you need to go through your ldap database and make sure
that all sids have the same base.
John
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
