Reading :
http://wiki.samba.org/index.php/Samba_3.6_Features_added/changed
it seems there are options not to check having consistant SIDs.
Otherwise, I used the solution with :
net setlocalsid
and it worked for me.
Jacky
---
Here, the details of what I did :
BEFORE :
j-carimalo@j-carimalo-desktop:~$ smbclient //172.18.220.10/test -U
j-carimalo
Enter j-carimalo's password:
session setup failed: NT_STATUS_UNSUCCESSFUL
root@doctoriale:/var/log/samba# vi log.j-carimalo-desktop
[2013/02/04 18:39:53.255226, 3]
passdb/lookup_sid.c:1754(get_primary_group_sid)
Forcing Primary Group to 'Domain Users' for j-carimalo
[2013/02/04 18:39:53.255402, 1] auth/server_info.c:386(samu_to_SamInfo3)
The primary group domain
sid(S-1-5-21-2904347395-2486898077-706273725-513) does not match the
domain sid(S-1-5-21-1927198471-1056857077-4159082931) for
j-carimalo(S-1-5-21-1927198471-1056857077-4159082931-14228)
[2013/02/04 18:39:53.255479, 0] auth/check_samsec.c:491(check_sam_security)
check_sam_security: make_server_info_sam() failed with
'NT_STATUS_UNSUCCESSFUL'
[2013/02/04 18:39:53.255684, 2] auth/auth.c:319(check_ntlm_password)
check_ntlm_password: Authentication for user [j-carimalo] ->
[j-carimalo] FAILED with error NT_STATUS_UNSUCCESSFUL
[2013/02/04 18:39:53.255731, 3] smbd/error.c:81(error_packet_set)
error packet at smbd/sesssetup.c(124) cmd=115 (SMBsesssetupX)
NT_STATUS_UNSUCCESSFUL
[2013/02/04 18:39:53.256517, 3] smbd/server_exit.c:181(exit_server_common)
Server exit (failed to receive smb request)
root@doctoriale:/etc/samba# net getlocalsid
smbldap_search_domain_info: Adding domain info for DOCTO failed with
NT_STATUS_UNSUCCESSFUL
SID for domain DOCTO is: S-1-5-21-2904347395-2486898077-706273725
root@doctoriale:/etc/samba# net getdomainsid
smbldap_search_domain_info: Adding domain info for DOCTO failed with
NT_STATUS_UNSUCCESSFUL
SID for local machine DOCTO is: S-1-5-21-2904347395-2486898077-706273725
SID for domain DOCTO is: S-1-5-21-2904347395-2486898077-706273725
root@doctoriale:/etc/samba# pdbedit -v j-carimalo
WARNING: The "enable privileges" option is deprecated
smbldap_search_domain_info: Searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=MSH))]
smbldap_open_connection: connection opened
ldap_connect_system: successful connection to the LDAP server
smbldap_search_domain_info: Got no domain info entries for domain
add_new_domain_info: Adding new domain
add_new_domain_info: failed to add domain dn=
sambaDomainName=MSH,dc=univ-nantes,dc=fr with: Referral
unknown
smbldap_search_domain_info: Adding domain info for MSH failed with
NT_STATUS_UNSUCCESSFUL
pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the
domain
pdb_init_ldapsam: Continuing on regardless, will be unable to allocate
new users/groups, and will risk BDCs having inconsistant SIDs
init_sam_from_ldap: Entry found for user: j-carimalo
Unix username:j-carimalo
NT username: j-carimalo
Account Flags:[UX ]
User SID: S-1-5-21-1927198471-1056857077-4159082931-14228
Primary Group SID:S-1-5-21-2942490213-4119275230-1086943613-513
Full Name:Jacky CARIMALO
Home Directory: \\HOMESRV\j-carimalo
HomeDir Drive:Z:
Logon Script:
Profile Path: \\docto\j-carimalo\profile
Domain: DOCTO
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: never
Kickoff time: never
Password last set:sam., 30 juin 2012 11:19:31 CEST
Password can change: sam., 30 juin 2012 11:19:31 CEST
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FF
ACTION :
root@doctoriale:/etc/samba# net setlocalsid
S-1-5-21-1927198471-1056857077-4159082931
AFTER :
root@doctoriale:/etc/samba# net getlocalsid
smbldap_search_domain_info: Adding domain info for DOCTO failed with
NT_STATUS_UNSUCCESSFUL
SID for domain DOCTO is: S-1-5-21-1927198471-1056857077-4159082931
root@doctoriale:/etc/samba# net getdomainsid
smbldap_search_domain_info: Adding domain info for DOCTO failed with
NT_STATUS_UNSUCCESSFUL
SID for local machine DOCTO is: S-1-5-21-1927198471-1056857077-4159082931
SID for domain DOCTO is: S-1-5-21-1927198471-1056857077-4159082931
root@doctoriale: