On 4/2/07, Allysson Steve Mota Lacerda <stevelacerda> wrote: >> >> When I try to login on the trusting domain (LABI) using an account of the >> trusted domain (ADMIN) the following message is shown: "A device connected >> to the system is not functioning ". My "log on to" is set to ADMIN. >> >> I had this problem a time ago because the SIDs of my users were wrong but >> I've fixed it.
As I understand it, that error is what you get when you can't connect to the domain. From Windows' point of view the connection to the domain controller is a virtual device, and it's not working. That's the error my users get because my interdomain trusts aren't working. I believe this is the way windows reports the error and you can't change that from inside samba (TooMuchCoffeeGuy will correct me if I'm wrong ;)). It causes problems because the Hell Desk sends the flying monkeys out to repair the "malfunctioning device" and they can't find one. >According to log.smbd, the user has an user SID refering to the trusted >domain but the group SID is from the trusting domain. I don't use groups and >the sambaPrimaryGroupSID field was empty. Even when I change the >sambaPrimaryGroupSID value the message is the same. >[2007/04/03 16:20:02, 2] auth/auth.c:check_ntlm_password(309) >check_ntlm_password: authentication for user [facomp] -> [facomp] ->[facomp] succeeded >[2007/04/03 16:20:02, 1] >rpc_server/srv_netlog_nt.c:_net_sam_logon_internal(1004) >_net_sam_logon: user ADMIN\facomp has user sid >S-1-5-21-2439387625-709437076-297468561-23822 >but group sid S-1-5-21-2029413396-4276977753-1550331494-513. >The conflicting domain portions are not supported for NETLOGON calls I'm honestly pretty far out of my depth here, but that's the same error I log also, and I believe it's because my domain trusts don't work. My theory at this point is that the workstation sees the user SID is not from the local domain, it attempts to query the remote domain that the SID belongs to, and when that fails the group sid defaults to 513 in the local domain (513 is the default local users group rid in Microsoft-land) and you are seeing the end of an error cascade at that point. >In both log.nmbd files I got the following messages: >> >> [2007/04/02 17:01:58, 0] >> nmbd/nmbd_browsesync.c:get_domain_master_name_node_status_fail(486) >> get_domain_master_name_node_status_fail: >> Doing a node status request to the domain master browser at IP >> <IP_OF_THE_OTHER_DOMAIN_PDC> failed. >> Cannot get workgroup name. >> >> I have two domains running on a single server (different NICs) and they >> share the WINS server. >> >> Can anyone help me? >> > -- > Allysson Steve Mota Lacerda > stevelacerda > http://www.stevelacerda.net > I do not believe I've been much help, except to say that I've got the same problems, in my 4 samba based domains that behave much the same way. Sorry! If you figure it out, let me know... --Charlie -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
