Now I am unable to set the user's account to Must Change Password. I tried it in LDAP Account Manager and with PDBEDIT and it simply will not change. Something is definitely wrong here with my setup.

Jason Baker
IT Coordinator

Glastender Inc.
5400 North Michigan Road
Saginaw, Michigan 48604 USA
800.748.0423
Phone: 989.752.4275 ext. 228
Fax: 989.752.4444
www.glastender.com




Jason Baker wrote:
net rpc info

should match. I am not sure about get local sid as it failed on my pdc.

   # net rpc info
   Password:
   Domain Name: GLASTENDERNET
   Domain SID: S-1-5-21-1194936901-2368177035-684874509
   Sequence number: 1184678015
   Num users: 100
   Num domain groups: 39
   Num local groups: 0


This seems correct.
I re-ran the smbldap_tools configuration script, so I'm quite sure all is correct with that.




John Drescher wrote:


On 7/17/07, Jason Baker <[EMAIL PROTECTED]> wrote:

    This is saying that your user and group have conflicting sids
    because they should share the same base sid as everything else on
    the domain.
    To fix this you need to go through your ldap database and make sure
    that all sids have the same base.
    This is very strange. I added this user using the
    /etc/smbldap-tools/smbldap-useradd script. Which yielded a user
    SID of S-1-5-21-3568796296-2565465778-716510536-3404 but group sid
    S-1-5-21-1194936901-2368177035-684874509-513. If I check all my
    other users they have a user sid such as;

        S-1-5-21-1194936901-2368177035-684874509-XXXX

    and a group sid such as;

        S-1-5-21-1194936901-2368177035-684874509-XXXX

    If I run the command: net getlocalsid on the PDC I get:

SID for domain ASTER is: S-1-5-21-3568796296-2565465778-716510536

    Shouldn't the PDC SID match the user and group SIDs?


net rpc info

should match. I am not sure about get local sid as it failed on my pdc.
    So I deleted the user account, went into the LDAP Account Manager
    tool from a web browser, recreated the user, and now the user SID
    is correct:
    S-1-5-21-1194936901-2368177035-684874509-3408
    I then went back and tried to add a test user account using the
    /etc/smbldap-tools/smbldap-useradd script, and I get the following
    error:

        Could not find base dn, to get next uidNumber at
        /etc/smbldap-tools//smbldap_tools.pm line 1046, <DATA> line 283

    I'm not sure what's going on, everything worked fine until I
    upgraded to 3.0.25.


Are you sure your smbldap tools conf files did not get updated somehow?

John
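
Added example, not part of the original thread and not smbldap-tools code: one way to carry out the check discussed above, scanning an LDIF export for `sambaSID` and `sambaPrimaryGroupSID` values whose base differs from the domain SID reported by `net rpc info`. The DNs in the sample are constructed, the SIDs are the ones quoted in the thread, and skipping the BUILTIN base `S-1-5-32` is an assumption about which entries should be left alone.

```python
"""Flag Samba LDAP entries whose SIDs do not share the domain SID base."""

# Domain SID as reported by `net rpc info` in the thread.
DOMAIN_SID = "S-1-5-21-1194936901-2368177035-684874509"
BUILTIN_BASE = "S-1-5-32"  # well-known BUILTIN domain, expected to differ
SID_ATTRS = {"sambasid", "sambaprimarygroupsid"}

# Constructed LDIF sample: the DNs are made up, the SIDs come from the thread.
SAMPLE_LDIF = """\
dn: uid=gooduser,ou=People,dc=example,dc=com
sambaSID: S-1-5-21-1194936901-2368177035-684874509-3408
sambaPrimaryGroupSID: S-1-5-21-1194936901-2368177035-684874509-513

dn: uid=baduser,ou=People,dc=example,dc=com
sambaSID: S-1-5-21-3568796296-2565465778-716510536-3404
sambaPrimaryGroupSID: S-1-5-21-1194936901-2368177035-684874509-513
"""


def find_mismatches(ldif_text, domain_sid):
    """Return (dn, attribute, sid) for every SID outside domain_sid."""
    mismatches = []
    dn = None
    for line in ldif_text.splitlines():
        if not line.strip():
            dn = None  # a blank line ends the current LDIF entry
            continue
        if line[0] in " #":
            continue  # folded continuation line or comment
        name, sep, value = line.partition(":")
        if not sep:
            continue
        value = value.strip()
        if name.lower() == "dn":
            dn = value
        elif name.lower() in SID_ATTRS:
            base = value.rpartition("-")[0]  # SID with the trailing RID removed
            # The domain object itself carries the bare domain SID.
            if value != domain_sid and base not in (domain_sid, BUILTIN_BASE):
                mismatches.append((dn, name, value))
    return mismatches


if __name__ == "__main__":
    for dn, attr, sid in find_mismatches(SAMPLE_LDIF, DOMAIN_SID):
        print(f"{dn}: {attr} {sid} is not under {DOMAIN_SID}")
```
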
