On Thursday 12 March 2009 12:36:07 Harry Jede wrote: Hi ! It is great to work with you. At least, you know what you're talking about, which is not my case on this peculiar point. > > Hmmh... > common praxis is this not. Almost all admins use test systems. May be > some virtual systems.
I know that, but I found the mistake after the system was put in place of the old one, and you know, what is done is done. I must go on with that. > > May be you have a caching daemon like nscd on your system. If so, you > must invalidate the group cache. > nscd -i group > will do this normaly. I've checked it up : no nscd daemon running on the machines. Did I write it anywhere that the samba machine and the ldap one were not the same ? Though it shouldn't change anything, I think it is worth say it now /o\ > > > Is the "Unable to locate SID" normal ? > > Yes, it is. Samba is searching for a user (objectclass=sambaSamAccount) > with this rid. > So you see, you MUST also have uniq RIDs. You cannot have a user and a > group with identical SID/RID. This comes from the M$-World, I > believe :-( . > > > And why the hell does pdbedit find two rids for CDTI since I deleted > > all that refered to the group I deleted ? > > Has samba really found 2 groups with the same RID, or has samba found 2 > groups with the "same" name, ctdi and CTDI? > > Try a ldapsearch: > ldapsearch -x -LLL -b BASEDN -s sub sambasid=*-666 > > ldapsearch -x -LLL -b BASEDN -s sub '(|(cn=ctdi)(uid=ctdi))' dn I've tried both searches, and in every case, only one entry is found, the one that is expected. It belongs to ou=Groups and is defined like this : dn: cn=CDTI,BASEDN objectClass: top objectClass: posixGroup objectClass: sambaGroupMapping cn: CDTI description:: Q2VudHJlIGTDqXBhcnRlbWVudGFsIGRlIHRyYWl0ZW1lbnQgZGUgbCdpbmZvcm1h dGlvbg== sambaGroupType: 2 displayName: CDTI gidNumber: 666 SambaSID: S-1-5-21-215069222-2822928016-2390355089-666 I've also rebuild the ldap indexes, but nothing changes this behaviour. (on the ldap machine, as root, I went to the ldap db directory, and typed in : $ service ldap stop && slapindex && chown ldap:ldap * && service ldap start ) So on, with all your great help, I'll take some time to check up once again all the configuration of both machines, the samba one and the ldap one. Thanks again. > > Gruss > Harry Jede -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba