Re: [Samba] Something weird about pdbedit.

2009-03-12 Thread BOURIAUD
On Wednesday 11 March 2009 16:44:48 Harry Jede wrote:
 On Wednesday, 11 March 2009 15:38, BOURIAUD wrote:

Hello again !

 You can only have ONE group with ONE gidNumber.

 BAD SETUP begin:
 dn: cn=cdti,ou=Group,BASEDN
 objectClass: posixGroup
 objectClass: top
 cn: cdti
 userPassword: {crypt}x
 gidNumber: 666

 Here is how the samba group is defined :

 dn: cn=CDTI,ou=Groups,BASEDN
 objectClass: top
 objectClass: posixGroup
 objectClass: sambaGroupMapping
 cn: CDTI
 description::
 Q2VudHJlIGTDqXBhcnRlbWVudGFsIGRlIHRyYWl0ZW1lbnQgZGUgbCdpbmZvcm
  1hdGlvbg==
 sambaGroupType: 2
 memberUid: david
 gidNumber: 666
 sambaSID: S-1-5-21-215069222-2822928016-2390355089-666
 BAD SETUP end:

 Combine these in a way, that you have only one group with the name cdti.

Thanks for your clear explanations. I see now where my mistake is and I'll try 
to correct them.
There seems to be something somehow cloudy in my mind about all that. Since 
I'm working on a server that serves all our users, I can't afford to put it 
down or to break everything while people are working. So, I just make few 
tries, and if it's wrong, I go back. Here is what I've tried :
I just changed CDTI gid from 666 to 10666. Since my account was linked to 666 
group, I changed the value of my gidNumber to 10666. Everything then went fine
according to pdbedit. No error occurred when I did a pdbedit -v on my username.
But after that, I couldn't access files on the samba shares. I got a 
NT_STATUS_PERMISSION_DENIED.

 for example:
 delete cn=cdti,ou=Group,BASEDN
 and it may be fine.


So, I then went back to the original settings, and as you suggested, deleted 
the cdti entry.
With this setup, I have a group called CDTI, with gid 666 and sambaSID = 
SSID-666.
My user has group gid set to 666. So this should be fine.
But, once again when I try a pdbedit -v user, I get, among other things the 
following :

lookup_global_sam_rid: looking up RID 666.
smbldap_search_ext: base = [BASEDN], filter = [(&(sambaSID=S-1-5-21-215069222-2822928016-2390355089-666)(objectclass=sambaSamAccount))], scope = [2]
ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-215069222-2822928016-2390355089-666] count=0
smbldap_search_ext: base = [ou=Groups,BASEDN], filter = [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-215069222-2822928016-2390355089-666))], scope = [2]
init_group_from_ldap: Entry found for group: 666
lookup_rids: CDTI:2

Is the Unable to locate SID normal ?

And why the hell does pdbedit find two rids for CDTI since I deleted all that 
referred to the group I deleted ?
There are so many things I don't understand about all this.
If one can explain to me, that would be great. Thanks in advance for any help 
or any link to a comprehensive doc one would give me.
I've read many a doc, but all the one I've read take it plain that the reader 
knows at least many things about how to setup a samba pdc controller with 
ldap, which is not my case.
I really wish I hadn't any windows machine on my network, things would be 
easier for me.


 You should not have different groups with the same name, even if one is
 in uppercase and the other in lowercase letters.

I really thought that a lowercase and an uppercase name was not the same, 
thanks for this. And thanks again for your answer, I understand things more 
clearly now, even if it's not perfect.

 Regards
   Harry Jede

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] Something weird about pdbedit.

2009-03-12 Thread Harry Jede
On Thursday, 12 March 2009 11:15, BOURIAUD wrote:
 On Wednesday 11 March 2009 16:44:48 Harry Jede wrote:
  On Wednesday, 11 March 2009 15:38, BOURIAUD wrote:

 Hello again !

  You can only have ONE group with ONE gidNumber.
 
  BAD SETUP begin:
  dn: cn=cdti,ou=Group,BASEDN
  objectClass: posixGroup
  objectClass: top
  cn: cdti
  userPassword: {crypt}x
  gidNumber: 666
 
  Here is how the samba group is defined :
 
  dn: cn=CDTI,ou=Groups,BASEDN
  objectClass: top
  objectClass: posixGroup
  objectClass: sambaGroupMapping
  cn: CDTI
  description::
  Q2VudHJlIGTDqXBhcnRlbWVudGFsIGRlIHRyYWl0ZW1lbnQgZGUgbCdpbmZvcm
   1hdGlvbg==
  sambaGroupType: 2
  memberUid: david
  gidNumber: 666
  sambaSID: S-1-5-21-215069222-2822928016-2390355089-666
  BAD SETUP end:
 
  Combine these in a way, that you have only one group with the name
  cdti.

 Thanks for your clear explanations. I see now where my mistake is and
 I'll try to correct them.
 There seems to be something somehow cloudy in my mind about all that.
 Since I'm working on a server that serves all our users, I can't
 afford to put it down or to break everything while people are
 working.
Hmmh...
this is not common practice. Almost all admins use test systems. Maybe
some virtual systems.

 So, I just make few tries, and if it's wrong, I go back. 
 Here is what I've tried : I just changed CDTI gid from 666 to 10666.
 Since my account was linked to 666 group, I changed the value of my
 gidNumber to 10666. Everything then went fine according to pdbedit.
 No error occurred when I did a pdbedit -v on my username. But after
 that, I couldn't access files on the samba shares. I got a
 NT_STATUS_PERMISSION_DENIED.
Maybe you have a caching daemon like nscd on your system. If so, you
must invalidate the group cache.
 nscd -i group
will do this normally.

  for example:
  delete cn=cdti,ou=Group,BASEDN
  and it may be fine.

 So, I then went back to the original settings, and as you suggested,
 deleted the cdti entry.
 With this setup, I have a group called CDTI, with gid 666 and
 sambaSID = SSID-666.
 My user has group gid set to 666. So this should be fine.
 But, once again when I try a pdbedit -v user, I get, among other
 things the following :

 lookup_global_sam_rid: looking up RID 666.
 smbldap_search_ext: base = [BASEDN], filter = [(&(sambaSID=S-1-5-21-215069222-2822928016-2390355089-666)(objectclass=sambaSamAccount))], scope = [2]
 ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-215069222-2822928016-2390355089-666] count=0
 smbldap_search_ext: base = [ou=Groups,BASEDN], filter = [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-215069222-2822928016-2390355089-666))], scope = [2]
 init_group_from_ldap: Entry found for group: 666
 lookup_rids: CDTI:2

 Is the Unable to locate SID normal ?
Yes, it is. Samba is searching for a user (objectclass=sambaSamAccount) 
with this rid.
So you see, you MUST also have unique RIDs. You cannot have a user and a
group with identical SID/RID. This comes from the M$-World, I 
believe :-( .

 And why the hell does pdbedit find two rids for CDTI since I deleted
 all that referred to the group I deleted ?
Has samba really found 2 groups with the same RID, or has samba found 2
groups with the same name, cdti and CDTI?

Try a ldapsearch:
ldapsearch -x -LLL -b BASEDN -s sub 'sambasid=*-666'

ldapsearch -x -LLL -b BASEDN -s sub '(|(cn=cdti)(uid=cdti))' dn

By the way, ldap is case insensitive.

 There are so many things I don't understand about all this.
 If one can explain to me, that would be great. Thanks in advance for
 any help or any link to a comprehensive doc one would give me.
 I've read many a doc, but all the one I've read take it plain that
 the reader knows at least many things about how to setup a samba pdc
 controller with ldap, which is not my case.
I prefer to read the original documentation first. Even if it's more
work.

 I really wish I hadn't any windows machine on my network, things
 would be easier for me.
No way, our users like this kind of programs :-( .

  You should not have different groups with the same name, even if
  one is in uppercase and the other in lowercase letters.

 I really thought that a lowercase and an uppercase name was not the
 same, thanks for this.
In reality it is surely not the same. But do all programs, tools and 
their developers know this?

 And thanks again for your answer, I understand 
 things more clearly now, even if it's not perfect.

  Regards
  Harry Jede

-- 

Regards
Harry Jede


Re: [Samba] Something weird about pdbedit.

2009-03-12 Thread BOURIAUD
On Thursday 12 March 2009 12:36:07 Harry Jede wrote:
Hi !
It is great to work with you. At least, you know what you're talking about, 
which is not my case on this peculiar point.

 Hmmh...
 this is not common practice. Almost all admins use test systems. Maybe
 some virtual systems.

I know that, but I found the mistake after the system was put in place of the 
old one, and you know, what is done is done. I must go on with that.


 Maybe you have a caching daemon like nscd on your system. If so, you
 must invalidate the group cache.
  nscd -i group
 will do this normally.

I've checked it up : no nscd daemon running on the machines. Did I write it 
anywhere that the samba machine and the ldap one were not the same ? Though it 
shouldn't change anything, I think it is worth saying it now /o\


  Is the Unable to locate SID normal ?

 Yes, it is. Samba is searching for a user (objectclass=sambaSamAccount)
 with this rid.
 So you see, you MUST also have unique RIDs. You cannot have a user and a
 group with identical SID/RID. This comes from the M$-World, I
 believe :-( .

  And why the hell does pdbedit find two rids for CDTI since I deleted
  all that referred to the group I deleted ?

 Has samba really found 2 groups with the same RID, or has samba found 2
 groups with the same name, cdti and CDTI?

 Try a ldapsearch:
 ldapsearch -x -LLL -b BASEDN -s sub 'sambasid=*-666'

 ldapsearch -x -LLL -b BASEDN -s sub '(|(cn=cdti)(uid=cdti))' dn

I've tried both searches, and in every case, only one entry is found, the one 
that is expected. It belongs to ou=Groups and is defined like this :

dn: cn=CDTI,BASEDN
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: CDTI
description:: Q2VudHJlIGTDqXBhcnRlbWVudGFsIGRlIHRyYWl0ZW1lbnQgZGUgbCdpbmZvcm1h
 dGlvbg==
sambaGroupType: 2
displayName: CDTI
gidNumber: 666
SambaSID: S-1-5-21-215069222-2822928016-2390355089-666

I've also rebuilt the ldap indexes, but nothing changes this behaviour. (on
the ldap machine, as root, I went to the ldap db directory, and typed in :
$ service ldap stop && slapindex && chown ldap:ldap * && service ldap start
)

So on, with all your great help, I'll take some time to check up once again 
all the configuration of both machines, the samba one and the ldap one.

Thanks again.

 Regards
   Harry Jede



Re: [Samba] Something weird about pdbedit.

2009-03-11 Thread BOURIAUD
On Wednesday 11 February 2009 10:39:10 BOURIAUD wrote:
 Hi !
 I'm running a samba domain controller under rhel 5. It's version
 3.0.33-3.7.el5.
 I've also installed a ldap server to store users and groups and so on.
 When I try a pdbedit -v david, I get the following :

 Unix username:david
 NT username:  david
 Account Flags:[U  ]
 User SID: S-1-5-21-215069222-2822928016-2390355089-1016
 Finding user david
 Trying _Get_Pwnam(), username as lowercase is david
 Get_Pwnam_internals did find user [david]!
 smbldap_search_ext: base = [ou=Groups,ou=ia27,dc=ac-rouen,dc=fr], filter = [(&(objectClass=sambaGroupMapping)(gidNumber=666))], scope = [2]
 init_group_from_ldap: Entry found for group: 666
 lookup_global_sam_rid: looking up RID 666.
 smbldap_search_ext: base = [ou=ia27,dc=ac-rouen,dc=fr], filter = [(&(sambaSID=S-1-5-21-215069222-2822928016-2390355089-666)(objectclass=sambaSamAccount))], scope = [2]
 ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-215069222-2822928016-2390355089-666] count=0
 smbldap_search_ext: base = [ou=Groups,ou=ia27,dc=ac-rouen,dc=fr], filter = [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-215069222-2822928016-2390355089-666))], scope = [2]
 init_group_from_ldap: Entry found for group: 666
 lookup_rids: CDTI:2
 Primary Group SID:S-1-5-21-215069222-2822928016-2390355089-666
 Full Name:david

 The weird thing is ldapsam_getsampwsid: Unable to locate SID

 I think I made a mistake when creating both unix groups and samba groups.
 Here is how the unix group is defined :

 dn: cn=cdti,ou=Group,BASEDN
 objectClass: posixGroup
 objectClass: top
 cn: cdti
 userPassword: {crypt}x
 gidNumber: 666

 Here is how the samba group is defined :

 dn: cn=CDTI,ou=Groups,BASEDN
 objectClass: top
 objectClass: posixGroup
 objectClass: sambaGroupMapping
 cn: CDTI
 description:: Q2VudHJlIGTDqXBhcnRlbWVudGFsIGRlIHRyYWl0ZW1lbnQgZGUgbCdpbmZvcm1hdGlvbg==
 sambaGroupType: 2
 memberUid: david
 gidNumber: 666
 sambaSID: S-1-5-21-215069222-2822928016-2390355089-666

 And here is the user's definition :

 dn: uid=david,ou=SambaUsers,BASEDN
 objectClass: top
 objectClass: person
 objectClass: organizationalPerson
 objectClass: inetOrgPerson
 objectClass: posixAccount
 objectClass: shadowAccount
 objectClass: sambaSamAccount
 cn: david
 sn: david
 givenName: david
 uid: david
 uidNumber: 1016
 homeDirectory: /smbhome/users/david/samba
 loginShell: /bin/bash
 gecos: System User
 sambaLogonTime: 0
 sambaLogoffTime: 2147483647
 sambaKickoffTime: 2147483647
 sambaPwdCanChange: 0
 sambaPwdMustChange: 2147483647
 displayName: david
 sambaLogonScript: logon.bat
 sambaProfilePath: \\DOMAIN_SERVER\profiles\david
 sambaHomePath: \\DOMAIN_SERVER\david
 sambaHomeDrive: P:
 sambaLMPassword: PLOP
 sambaNTPassword: PLOP
 sambaPasswordHistory:
 00 00
 sambaPwdLastSet: 1228486572
 userPassword: {SSHA}PLOP
 sambaAcctFlags: [U  ]
 sambaSID: S-1-5-21-215069222-2822928016-2390355089-1016
 gidNumber: 666
 sambaPrimaryGroupSID: S-1-5-21-215069222-2822928016-2390355089-666


 Of course, I've obfuscated what I found that has no point with my problem
 !

 I think that the problem comes from the groups, both the unix one and the
 samba one, but I don't know how to fix it.
 If anyone could tell me what I could do to correct this, that would be
 great ! I hope I've given enough information, but if you think I should
 give more, feel free to ask. I'd really like to get rid of this annoying
 message. Thanks in advance !

UP ! No one to help me with that ?




Re: [Samba] Something weird about pdbedit.

2009-03-11 Thread Harry Jede
On Wednesday, 11 March 2009 13:30, BOURIAUD wrote:
 On Wednesday 11 February 2009 10:39:10 BOURIAUD wrote:
  Hi !
  I'm running a samba domain controller under rhel 5. It's version
  3.0.33-3.7.el5.
  I've also installed a ldap server to store users and groups and so
  on. When I try a pdbedit -v david, I get the following :
 
  Unix username:david
  NT username:  david
  Account Flags:[U  ]
  User SID: S-1-5-21-215069222-2822928016-2390355089-1016
  Finding user david
  Trying _Get_Pwnam(), username as lowercase is david
  Get_Pwnam_internals did find user [david]!
  smbldap_search_ext: base = [ou=Groups,ou=ia27,dc=ac-rouen,dc=fr], filter = [(&(objectClass=sambaGroupMapping)(gidNumber=666))], scope = [2]
  init_group_from_ldap: Entry found for group: 666
  lookup_global_sam_rid: looking up RID 666.
  smbldap_search_ext: base = [ou=ia27,dc=ac-rouen,dc=fr], filter = [(&(sambaSID=S-1-5-21-215069222-2822928016-2390355089-666)(objectclass=sambaSamAccount))], scope = [2]
  ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-215069222-2822928016-2390355089-666] count=0
  smbldap_search_ext: base = [ou=Groups,ou=ia27,dc=ac-rouen,dc=fr], filter = [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-215069222-2822928016-2390355089-666))], scope = [2]
  init_group_from_ldap: Entry found for group: 666
  lookup_rids: CDTI:2
  Primary Group SID:S-1-5-21-215069222-2822928016-2390355089-666
  Full Name:david
 
  The weird thing is ldapsam_getsampwsid: Unable to locate SID
 
  I think I made a mistake when creating both unix groups and samba
  groups. Here is how the unix group is defined :
 
  dn: cn=cdti,ou=Group,BASEDN
  objectClass: posixGroup
  objectClass: top
  cn: cdti
  userPassword: {crypt}x
  gidNumber: 666
 
  Here is how the samba group is defined :
 
  dn: cn=CDTI,ou=Groups,BASEDN
  objectClass: top
  objectClass: posixGroup
  objectClass: sambaGroupMapping
  cn: CDTI
  description:: Q2VudHJlIGTDqXBhcnRlbWVudGFsIGRlIHRyYWl0ZW1lbnQgZGUgbCdpbmZvcm1hdGlvbg==
  sambaGroupType: 2
  memberUid: david
  gidNumber: 666
  sambaSID: S-1-5-21-215069222-2822928016-2390355089-666
 
  And here is the user's definition :
 
  dn: uid=david,ou=SambaUsers,BASEDN
  objectClass: top
  objectClass: person
  objectClass: organizationalPerson
  objectClass: inetOrgPerson
  objectClass: posixAccount
  objectClass: shadowAccount
  objectClass: sambaSamAccount
  cn: david
  sn: david
  givenName: david
  uid: david
  uidNumber: 1016
  homeDirectory: /smbhome/users/david/samba
  loginShell: /bin/bash
  gecos: System User
  sambaLogonTime: 0
  sambaLogoffTime: 2147483647
  sambaKickoffTime: 2147483647
  sambaPwdCanChange: 0
  sambaPwdMustChange: 2147483647
  displayName: david
  sambaLogonScript: logon.bat
  sambaProfilePath: \\DOMAIN_SERVER\profiles\david
  sambaHomePath: \\DOMAIN_SERVER\david
  sambaHomeDrive: P:
  sambaLMPassword: PLOP
  sambaNTPassword: PLOP
  sambaPasswordHistory:
  00 00
  sambaPwdLastSet: 1228486572
  userPassword: {SSHA}PLOP
  sambaAcctFlags: [U  ]
  sambaSID: S-1-5-21-215069222-2822928016-2390355089-1016
  gidNumber: 666
  sambaPrimaryGroupSID: S-1-5-21-215069222-2822928016-2390355089-666
 
 
  Of course, I've obfuscated what I found that has no point with my
  problem !

  I think that the problem comes from the groups, both the unix one
  and the samba one, but I don't know how to fix it.
  If anyone could tell me what I could do to correct this, that would
  be great ! I hope I've given enough information, but if you think
  I should give more, feel free to ask. I'd really like to get rid of
  this annoying message. Thanks in advance !

 UP ! No one to help me with that ?
First things first: Read the f... manual

- you should not have 2 groups with the same gidNumber
- sambaLMPassword & sambaNTPassword do not hold the password in ascii,
both must contain password hashes

Go back, and take some time to read the docs

-- 

Regards
Harry Jede


Re: [Samba] Something weird about pdbedit.

2009-03-11 Thread BOURIAUD
On Wednesday 11 March 2009 14:51:25 Harry Jede wrote:

Hello !
First of all, thanks for your answer, even if it doesn't help much.


 First things first: Read the f... manual

That's what I did, after I made my mistake. 


 - you should not have 2 groups with the same gidNumber

Forgive me if my question was not asked correctly. So I will try to make it 
clearer : which gid should I change then ? The one from the unix group or the 
one of the samba group ? Are there rules to do so (I mean reserved numbers, 
limits for the gid, things like this) ?

 - sambaLMPassword & sambaNTPassword do not hold the password in ascii,
 both must contain password hashes

I hope you were joking. I said I obfuscated what had no point with the 
question, and password hashes were replaced with PLOP in my previous mail 
;-)

 Go back, and take some time to read the docs

That's what I keep doing, anyway.

Thanks for your answer and have a nice day.

 --

 Regards
   Harry Jede



Re: [Samba] Something weird about pdbedit.

2009-03-11 Thread Harry Jede
On Wednesday, 11 March 2009 15:38, BOURIAUD wrote:
 On Wednesday 11 March 2009 14:51:25 Harry Jede wrote:

 Hello !
 First of all, thanks for your answer, even if it doesn't help much.

  First things first: Read the f... manual

 That's what I did, after I made my mistake.

  - you should not have 2 groups with the same gidNumber

 Forgive me if my question was not asked correctly. So I will try to
 make it clearer : which gid should I change then ? The one from the
 unix group or the one of the samba group ? Are there rules to do so
 (I mean reserved numbers, limits for the gid, things like this) ?
You can only have ONE group with ONE gidNumber.

BAD SETUP begin:
dn: cn=cdti,ou=Group,BASEDN
objectClass: posixGroup
objectClass: top
cn: cdti
userPassword: {crypt}x
gidNumber: 666

Here is how the samba group is defined :

dn: cn=CDTI,ou=Groups,BASEDN
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: CDTI
description:: 
Q2VudHJlIGTDqXBhcnRlbWVudGFsIGRlIHRyYWl0ZW1lbnQgZGUgbCdpbmZvcm
 1hdGlvbg==
sambaGroupType: 2
memberUid: david
gidNumber: 666
sambaSID: S-1-5-21-215069222-2822928016-2390355089-666
BAD SETUP end:

Combine these in a way, that you have only one group with the name cdti.

for example:
delete cn=cdti,ou=Group,BASEDN
and it may be fine.


You should not have different groups with the same name, even if one is 
in uppercase and the other in lowercase letters.

You should not have identical names in your LDAP database across the 
following fields: cn, uid and displayName for more than one record.


Example:
dn: uid=john,ou=...
uid=john
displayname=john

That is OK

##
dn: uid=john,ou=A,ou...
uid=john
displayname=john

dn: uid=john,ou=B,ou=...
uid=johnB
displayname=john

That's bad.

##
dn: uid=john,ou=A,ou...
uid=john
displayname=john

dn: cn=john,ou=groups,ou...
cn=john

That's also bad.





  - sambaLMPassword & sambaNTPassword do not hold the password in
  ascii, both must contain password hashes

 I hope you were joking. I said I obfuscated what had no point with
 the question, and password hashes were replaced with PLOP in my
 previous mail ;-)
Sorry,
I do not know PLOP.

  Go back, and take some time to read the docs

 That's what I keep doing, anyway.

 Thanks for your answer and have a nice day.

  --
 
  Regards
  Harry Jede

-- 

Regards
Harry Jede
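
The uniqueness rules in the message above (one gidNumber per group, no name shared case-insensitively across cn, uid and displayName) and the unique-SID rule from the 12 March reply can be checked offline against an LDIF export. This Python check is an added example, not code from the thread; the sample LDIF is the thread's entries abridged, and the function names `parse_ldif` and `audit` are hypothetical.

```python
import base64
from collections import defaultdict

# Constructed sample: the thread's two group entries and its user entry,
# abridged; BASEDN is the placeholder the posters used.
SAMPLE_LDIF = """\
dn: cn=cdti,ou=Group,BASEDN
objectClass: posixGroup
cn: cdti
gidNumber: 666

dn: cn=CDTI,ou=Groups,BASEDN
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: CDTI
gidNumber: 666
sambaSID: S-1-5-21-215069222-2822928016-2390355089-666

dn: uid=david,ou=SambaUsers,BASEDN
objectClass: posixAccount
objectClass: sambaSamAccount
cn: david
uid: david
displayName: david
gidNumber: 666
sambaSID: S-1-5-21-215069222-2822928016-2390355089-1016
"""

NAME_ATTRS = ("cn", "uid", "displayname")   # compared case-insensitively


def parse_ldif(text):
    """Parse LDIF into a list of {lowercased attribute: [values]} dicts."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]              # folded (continuation) line
        elif not raw.startswith("#"):
            lines.append(raw)
    entries, cur = [], defaultdict(list)
    for line in lines + [""]:                 # trailing "" flushes last entry
        if not line.strip():
            if cur:
                entries.append(dict(cur))
            cur = defaultdict(list)
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):             # "attr:: <base64 value>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        cur[attr.strip().lower()].append(value.strip())
    return entries


def audit(entries):
    """Return sorted (kind, value, [dn, ...]) tuples for every collision."""
    gids, names, sids = defaultdict(set), defaultdict(set), defaultdict(set)
    for e in entries:
        dn = e.get("dn", ["<no dn>"])[0]
        classes = {c.lower() for c in e.get("objectclass", [])}
        if "posixgroup" in classes:           # a user's gidNumber is not a clash
            for gid in e.get("gidnumber", []):
                gids[gid].add(dn)
        for attr in NAME_ATTRS:
            for name in e.get(attr, []):
                names[name.lower()].add(dn)
        for sid in e.get("sambasid", []):     # users and groups share one SID space
            sids[sid.upper()].add(dn)
    findings = []
    for kind, index in (("gidNumber", gids), ("name", names), ("sambaSID", sids)):
        for value, dns in index.items():
            if len(dns) > 1:
                findings.append((kind, value, sorted(dns)))
    return sorted(findings)


if __name__ == "__main__":
    for kind, value, dns in audit(parse_ldif(SAMPLE_LDIF)):
        print(f"duplicate {kind} {value!r}: {', '.join(dns)}")
```

On the sample it reports the shared gidNumber 666 and the cdti/CDTI name clash; with the cn=cdti,ou=Group entry removed it reports nothing.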


[Samba] Something weird about pdbedit.

2009-02-11 Thread BOURIAUD
Hi !
I'm running a samba domain controller under rhel 5. It's version
3.0.33-3.7.el5.
I've also installed a ldap server to store users and groups and so on.
When I try a pdbedit -v david, I get the following :

Unix username:david
NT username:  david
Account Flags:[U  ]
User SID: S-1-5-21-215069222-2822928016-2390355089-1016
Finding user david
Trying _Get_Pwnam(), username as lowercase is david
Get_Pwnam_internals did find user [david]!
smbldap_search_ext: base = [ou=Groups,ou=ia27,dc=ac-rouen,dc=fr], filter = [(&(objectClass=sambaGroupMapping)(gidNumber=666))], scope = [2]
init_group_from_ldap: Entry found for group: 666
lookup_global_sam_rid: looking up RID 666.
smbldap_search_ext: base = [ou=ia27,dc=ac-rouen,dc=fr], filter = [(&(sambaSID=S-1-5-21-215069222-2822928016-2390355089-666)(objectclass=sambaSamAccount))], scope = [2]
ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-215069222-2822928016-2390355089-666] count=0
smbldap_search_ext: base = [ou=Groups,ou=ia27,dc=ac-rouen,dc=fr], filter = [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-215069222-2822928016-2390355089-666))], scope = [2]
init_group_from_ldap: Entry found for group: 666
lookup_rids: CDTI:2
Primary Group SID:S-1-5-21-215069222-2822928016-2390355089-666
Full Name:david

The weird thing is ldapsam_getsampwsid: Unable to locate SID

I think I made a mistake when creating both unix groups and samba groups.
Here is how the unix group is defined :

dn: cn=cdti,ou=Group,BASEDN
objectClass: posixGroup
objectClass: top
cn: cdti
userPassword: {crypt}x
gidNumber: 666

Here is how the samba group is defined :

dn: cn=CDTI,ou=Groups,BASEDN
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: CDTI
description:: Q2VudHJlIGTDqXBhcnRlbWVudGFsIGRlIHRyYWl0ZW1lbnQgZGUgbCdpbmZvcm
 1hdGlvbg==
sambaGroupType: 2
memberUid: david
gidNumber: 666
sambaSID: S-1-5-21-215069222-2822928016-2390355089-666

And here is the user's definition :

dn: uid=david,ou=SambaUsers,BASEDN
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: david
sn: david
givenName: david
uid: david
uidNumber: 1016
homeDirectory: /smbhome/users/david/samba
loginShell: /bin/bash
gecos: System User
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
displayName: david
sambaLogonScript: logon.bat
sambaProfilePath: \\DOMAIN_SERVER\profiles\david
sambaHomePath: \\DOMAIN_SERVER\david
sambaHomeDrive: P:
sambaLMPassword: PLOP
sambaNTPassword: PLOP
sambaPasswordHistory: 00
 00
sambaPwdLastSet: 1228486572
userPassword: {SSHA}PLOP
sambaAcctFlags: [U  ]
sambaSID: S-1-5-21-215069222-2822928016-2390355089-1016
gidNumber: 666
sambaPrimaryGroupSID: S-1-5-21-215069222-2822928016-2390355089-666


Of course, I've obfuscated what I found that has no point with my problem !

I think that the problem comes from the groups, both the unix one and the
samba one, but I don't know how to fix it.
If anyone could tell me what I could do to correct this, that would be great !
I hope I've given enough information, but if you think I should give more,
feel free to ask. I'd really like to get rid of this annoying message.
Thanks in advance !