Re: [Samba] Something weird about pdbedit.
On Wednesday 11 March 2009 16:44:48 Harry Jede wrote: Am Mittwoch, 11. März 2009 15:38 schrieb BOURIAUD: Hello again ! You can only have ONE group with ONE gidNumber. BAD SETUP begin: dn: cn=cdti,ou=Group,BASEDN objectClass: posixGroup objectClass: top cn: cdti userPassword: {crypt}x gidNumber: 666 Here is how the samba group is defined : dn: cn=CDTI,ou=Groups,BASEDN objectClass: top objectClass: posixGroup objectClass: sambaGroupMapping cn: CDTI description:: Q2VudHJlIGTDqXBhcnRlbWVudGFsIGRlIHRyYWl0ZW1lbnQgZGUgbCdpbmZvcm 1hdGlvbg== sambaGroupType: 2 memberUid: david gidNumber: 666 sambaSID: S-1-5-21-215069222-2822928016-2390355089-666 BAD SETUP end: Combine these in a way, that you have only one group with the name cdti. Thanks for your clear explanations. I see now where my mistake is and I'll try to correct them. There seems to be something somehow cloudy in my mind about all that. Since I'm working on a server that serves all our users, I can't afford to put it down or to break everything while people are working. So, I just make few tries, and if it's wrong, I go back. Here is what I've tried : I just changed CDTI gid from 666 to 10666. Since my account was linked to 666 group, I changed the value of my gidNumber to 10666. Everything went then find according to pdbedit. No error occured when I did a pdbedit -v on my username. But after that, I couldn't access files on the samba shares. I got a NT_STATUS_PERMISSION_DENIED. for example: delete cn=cdti,ou=Group,BASEDN and it may be fine. So, I then went back to the original settings, and as you suggested, deleted the cdti entry. With this setup, I have a group called CDTI, with gid 666 and sambaSID = SSID-666. My user has group gid set to 666. So this should be fine. But, once again when I try a pdbedit -v user, I get, among other things the following : lookup_global_sam_rid: looking up RID 666. smbldap_search_ext: base = [BASEDN], filter = [((sambaSID=S-1-5-21-215069222-2822928016-2390355089-666) (objectclass=sambaSamAccount))], scope = [2] ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-215069222-2822928016-2390355089-666] count=0 smbldap_search_ext: base = [ou=Groups,BASEDN], filter = [((objectClass=sambaGroupMapping) (sambaSID=S-1-5-21-215069222-2822928016-2390355089-666))], scope = [2] init_group_from_ldap: Entry found for group: 666 lookup_rids: CDTI:2 Is the Unable to locate SID normal ? And why the hell does pdbedit find two rids for CDTI since I deleted all that refered to the group I deleted ? There are so many things I don't understand about all this. If one can explain to me, that would be great. Thanks in advance for any help or any link to a comprehensive doc one would give me. I've read many a doc, but all the one I've read take it plain that the reader knows at least many things about how to setup a samba pdc controller with ldap, which is not my case. I really wish I hadn't any windows machine on my network, things would be easier for me. You should not have different groups with the same name, even if one is in uppercase and the other in lowercase letters. I really thought that a lowercase and an uppercase name was not the same, thanks for this. And thanks again for your answer, I understand things more clearly now, even if it's not perfect. Gruss Harry Jede -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Something weird about pdbedit.
Am Donnerstag, 12. März 2009 11:15 schrieb BOURIAUD: On Wednesday 11 March 2009 16:44:48 Harry Jede wrote: Am Mittwoch, 11. März 2009 15:38 schrieb BOURIAUD: Hello again ! You can only have ONE group with ONE gidNumber. BAD SETUP begin: dn: cn=cdti,ou=Group,BASEDN objectClass: posixGroup objectClass: top cn: cdti userPassword: {crypt}x gidNumber: 666 Here is how the samba group is defined : dn: cn=CDTI,ou=Groups,BASEDN objectClass: top objectClass: posixGroup objectClass: sambaGroupMapping cn: CDTI description:: Q2VudHJlIGTDqXBhcnRlbWVudGFsIGRlIHRyYWl0ZW1lbnQgZGUgbCdpbmZvcm 1hdGlvbg== sambaGroupType: 2 memberUid: david gidNumber: 666 sambaSID: S-1-5-21-215069222-2822928016-2390355089-666 BAD SETUP end: Combine these in a way, that you have only one group with the name cdti. Thanks for your clear explanations. I see now where my mistake is and I'll try to correct them. There seems to be something somehow cloudy in my mind about all that. Since I'm working on a server that serves all our users, I can't afford to put it down or to break everything while people are working. Hmmh... common praxis is this not. Almost all admins use test systems. May be some virtual systems. So, I just make few tries, and if it's wrong, I go back. Here is what I've tried : I just changed CDTI gid from 666 to 10666. Since my account was linked to 666 group, I changed the value of my gidNumber to 10666. Everything went then find according to pdbedit. No error occured when I did a pdbedit -v on my username. But after that, I couldn't access files on the samba shares. I got a NT_STATUS_PERMISSION_DENIED. May be you have a caching daemon like nscd on your system. If so, you must invalidate the group cache. nscd -i group will do this normaly. for example: delete cn=cdti,ou=Group,BASEDN and it may be fine. So, I then went back to the original settings, and as you suggested, deleted the cdti entry. With this setup, I have a group called CDTI, with gid 666 and sambaSID = SSID-666. My user has group gid set to 666. So this should be fine. But, once again when I try a pdbedit -v user, I get, among other things the following : lookup_global_sam_rid: looking up RID 666. smbldap_search_ext: base = [BASEDN], filter = [((sambaSID=S-1-5-21-215069222-2822928016-2390355089-666) (objectclass=sambaSamAccount))], scope = [2] ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-215069222-2822928016-2390355089-666] count=0 smbldap_search_ext: base = [ou=Groups,BASEDN], filter = [((objectClass=sambaGroupMapping) (sambaSID=S-1-5-21-215069222-2822928016-2390355089-666))], scope = [2] init_group_from_ldap: Entry found for group: 666 lookup_rids: CDTI:2 Is the Unable to locate SID normal ? Yes, it is. Samba is searching for a user (objectclass=sambaSamAccount) with this rid. So you see, you MUST also have uniq RIDs. You cannot have a user and a group with identical SID/RID. This comes from the M$-World, I believe :-( . And why the hell does pdbedit find two rids for CDTI since I deleted all that refered to the group I deleted ? Has samba really found 2 groups with the same RID, or has samba found 2 groups with the same name, ctdi and CTDI? Try a ldapsearch: ldapsearch -x -LLL -b BASEDN -s sub sambasid=*-666 ldapsearch -x -LLL -b BASEDN -s sub '(|(cn=ctdi)(uid=ctdi))' dn By the way, ldap is case insensitive. There are so many things I don't understand about all this. If one can explain to me, that would be great. Thanks in advance for any help or any link to a comprehensive doc one would give me. I've read many a doc, but all the one I've read take it plain that the reader knows at least many things about how to setup a samba pdc controller with ldap, which is not my case. I prefere to read the original documentation first. Even if its more work. I really wish I hadn't any windows machine on my network, things would be easier for me. No way, our users like this kind of programms :-( . You should not have different groups with the same name, even if one is in uppercase and the other in lowercase letters. I really thought that a lowercase and an uppercase name was not the same, thanks for this. In reality it is surely not the same. But do all programs, tools and their developer know this? And thanks again for your answer, I understand things more clearly now, even if it's not perfect. Gruss Harry Jede -- Gruss Harry Jede -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Something weird about pdbedit.
On Thursday 12 March 2009 12:36:07 Harry Jede wrote: Hi ! It is great to work with you. At least, you know what you're talking about, which is not my case on this peculiar point. Hmmh... common praxis is this not. Almost all admins use test systems. May be some virtual systems. I know that, but I found the mistake after the system was put in place of the old one, and you know, what is done is done. I must go on with that. May be you have a caching daemon like nscd on your system. If so, you must invalidate the group cache. nscd -i group will do this normaly. I've checked it up : no nscd daemon running on the machines. Did I write it anywhere that the samba machine and the ldap one were not the same ? Though it shouldn't change anything, I think it is worth say it now /o\ Is the Unable to locate SID normal ? Yes, it is. Samba is searching for a user (objectclass=sambaSamAccount) with this rid. So you see, you MUST also have uniq RIDs. You cannot have a user and a group with identical SID/RID. This comes from the M$-World, I believe :-( . And why the hell does pdbedit find two rids for CDTI since I deleted all that refered to the group I deleted ? Has samba really found 2 groups with the same RID, or has samba found 2 groups with the same name, ctdi and CTDI? Try a ldapsearch: ldapsearch -x -LLL -b BASEDN -s sub sambasid=*-666 ldapsearch -x -LLL -b BASEDN -s sub '(|(cn=ctdi)(uid=ctdi))' dn I've tried both searches, and in every case, only one entry is found, the one that is expected. It belongs to ou=Groups and is defined like this : dn: cn=CDTI,BASEDN objectClass: top objectClass: posixGroup objectClass: sambaGroupMapping cn: CDTI description:: Q2VudHJlIGTDqXBhcnRlbWVudGFsIGRlIHRyYWl0ZW1lbnQgZGUgbCdpbmZvcm1h dGlvbg== sambaGroupType: 2 displayName: CDTI gidNumber: 666 SambaSID: S-1-5-21-215069222-2822928016-2390355089-666 I've also rebuild the ldap indexes, but nothing changes this behaviour. (on the ldap machine, as root, I went to the ldap db directory, and typed in : $ service ldap stop slapindex chown ldap:ldap * service ldap start ) So on, with all your great help, I'll take some time to check up once again all the configuration of both machines, the samba one and the ldap one. Thanks again. Gruss Harry Jede -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Something weird about pdbedit.
On Wednesday 11 February 2009 10:39:10 BOURIAUD wrote: Hi ! I'm running a samba domain controler under rhel 5. It's version 3.0.33-3.7.el5. I've also installed a ldap server to store users and groups and so on. When I try a pdbedit -v david, I get the following : Unix username:david NT username: david Account Flags:[U ] User SID: S-1-5-21-215069222-2822928016-2390355089-1016 Finding user david Trying _Get_Pwnam(), username as lowercase is david Get_Pwnam_internals did find user [david]! smbldap_search_ext: base = [ou=Groups,ou=ia27,dc=ac-rouen,dc=fr], filter = [((objectClass=sambaGroupMapping)(gidNumber=666))], scope = [2] init_group_from_ldap: Entry found for group: 666 lookup_global_sam_rid: looking up RID 666. smbldap_search_ext: base = [ou=ia27,dc=ac-rouen,dc=fr], filter = [((sambaSID=S-1-5-21-215069222-2822928016-2390355089-666) (objectclass=sambaSamAccount))], scope = [2] ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-215069222-2822928016-2390355089-666] count=0 smbldap_search_ext: base = [ou=Groups,ou=ia27,dc=ac-rouen,dc=fr], filter = [((objectClass=sambaGroupMapping) (sambaSID=S-1-5-21-215069222-2822928016-2390355089-666))], scope = [2] init_group_from_ldap: Entry found for group: 666 lookup_rids: CDTI:2 Primary Group SID:S-1-5-21-215069222-2822928016-2390355089-666 Full Name:david The weird thing is ldapsam_getsampwsid: Unable to locate SID I think I made a mistake when creating both unix groups and samba groups. Here is how the unix group is defined : dn: cn=cdti,ou=Group,BASEDN objectClass: posixGroup objectClass: top cn: cdti userPassword: {crypt}x gidNumber: 666 Here is how the samba group is defined : dn: cn=CDTI,ou=Groups,BASEDN objectClass: top objectClass: posixGroup objectClass: sambaGroupMapping cn: CDTI description:: Q2VudHJlIGTDqXBhcnRlbWVudGFsIGRlIHRyYWl0ZW1lbnQgZGUgbCdpbmZvcm 1hdGlvbg== sambaGroupType: 2 memberUid: david gidNumber: 666 sambaSID: S-1-5-21-215069222-2822928016-2390355089-666 And here is what the user's definition : dn: uid=david,ou=SambaUsers,BASEDN objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: posixAccount objectClass: shadowAccount objectClass: sambaSamAccount cn: david sn: david givenName: david uid: david uidNumber: 1016 homeDirectory: /smbhome/users/david/samba loginShell: /bin/bash gecos: System User sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 0 sambaPwdMustChange: 2147483647 displayName: david sambaLogonScript: logon.bat sambaProfilePath: \\DOMAIN_SERVER\profiles\david sambaHomePath: \\DOMAIN_SERVER\david sambaHomeDrive: P: sambaLMPassword: PLOP sambaNTPassword: PLOP sambaPasswordHistory: 00 00 sambaPwdLastSet: 1228486572 userPassword: {SSHA}PLOP sambaAcctFlags: [U ] sambaSID: S-1-5-21-215069222-2822928016-2390355089-1016 gidNumber: 666 sambaPrimaryGroupSID: S-1-5-21-215069222-2822928016-2390355089-666 Of course, I've obfuscated what I found that has not point with my problem ! I think that the problem comes from the groups, both the unix one and the samba one, but I don't know how to fix it. If anyone could tell me what I could to to correct this, that would be great ! I hope I've given enough informations, but if you think I should give more, fell free to ask. I'd really like to get rid of this anoying message. Thanks in advance ! UP ! Noone to help me with that ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Something weird about pdbedit.
Am Mittwoch, 11. März 2009 13:30 schrieb BOURIAUD: On Wednesday 11 February 2009 10:39:10 BOURIAUD wrote: Hi ! I'm running a samba domain controler under rhel 5. It's version 3.0.33-3.7.el5. I've also installed a ldap server to store users and groups and so on. When I try a pdbedit -v david, I get the following : Unix username:david NT username: david Account Flags:[U ] User SID: S-1-5-21-215069222-2822928016-2390355089-1016 Finding user david Trying _Get_Pwnam(), username as lowercase is david Get_Pwnam_internals did find user [david]! smbldap_search_ext: base = [ou=Groups,ou=ia27,dc=ac-rouen,dc=fr], filter = [((objectClass=sambaGroupMapping)(gidNumber=666))], scope = [2] init_group_from_ldap: Entry found for group: 666 lookup_global_sam_rid: looking up RID 666. smbldap_search_ext: base = [ou=ia27,dc=ac-rouen,dc=fr], filter = [((sambaSID=S-1-5-21-215069222-2822928016-2390355089-666) (objectclass=sambaSamAccount))], scope = [2] ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-215069222-2822928016-2390355089-666] count=0 smbldap_search_ext: base = [ou=Groups,ou=ia27,dc=ac-rouen,dc=fr], filter = [((objectClass=sambaGroupMapping) (sambaSID=S-1-5-21-215069222-2822928016-2390355089-666))], scope = [2] init_group_from_ldap: Entry found for group: 666 lookup_rids: CDTI:2 Primary Group SID:S-1-5-21-215069222-2822928016-2390355089-666 Full Name:david The weird thing is ldapsam_getsampwsid: Unable to locate SID I think I made a mistake when creating both unix groups and samba groups. Here is how the unix group is defined : dn: cn=cdti,ou=Group,BASEDN objectClass: posixGroup objectClass: top cn: cdti userPassword: {crypt}x gidNumber: 666 Here is how the samba group is defined : dn: cn=CDTI,ou=Groups,BASEDN objectClass: top objectClass: posixGroup objectClass: sambaGroupMapping cn: CDTI description:: Q2VudHJlIGTDqXBhcnRlbWVudGFsIGRlIHRyYWl0ZW1lbnQgZGUgbCdpbmZvcm 1hdGlvbg== sambaGroupType: 2 memberUid: david gidNumber: 666 sambaSID: S-1-5-21-215069222-2822928016-2390355089-666 And here is what the user's definition : dn: uid=david,ou=SambaUsers,BASEDN objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: posixAccount objectClass: shadowAccount objectClass: sambaSamAccount cn: david sn: david givenName: david uid: david uidNumber: 1016 homeDirectory: /smbhome/users/david/samba loginShell: /bin/bash gecos: System User sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 0 sambaPwdMustChange: 2147483647 displayName: david sambaLogonScript: logon.bat sambaProfilePath: \\DOMAIN_SERVER\profiles\david sambaHomePath: \\DOMAIN_SERVER\david sambaHomeDrive: P: sambaLMPassword: PLOP sambaNTPassword: PLOP sambaPasswordHistory: 00 00 sambaPwdLastSet: 1228486572 userPassword: {SSHA}PLOP sambaAcctFlags: [U ] sambaSID: S-1-5-21-215069222-2822928016-2390355089-1016 gidNumber: 666 sambaPrimaryGroupSID: S-1-5-21-215069222-2822928016-2390355089-666 Of course, I've obfuscated what I found that has not point with my problem ! I think that the problem comes from the groups, both the unix one and the samba one, but I don't know how to fix it. If anyone could tell me what I could to to correct this, that would be great ! I hope I've given enough informations, but if you think I should give more, fell free to ask. I'd really like to get rid of this anoying message. Thanks in advance ! UP ! Noone to help me with that ? First things first: Read the f... manual - you should not have 2 groups with the same gidNumber - sambaLMPassword sambaNTPassword do not hold the password in ascii, both must contain password hashes Go back, and take some time to read the docs -- Gruss Harry Jede -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Something weird about pdbedit.
On Wednesday 11 March 2009 14:51:25 Harry Jede wrote: Hello ! First of all, thanks for your answer, even if it doesn't help much. First things first: Read the f... manual That's what I did, after I made my mistake. - you should not have 2 groups with the same gidNumber Forgive me if my question was not asked correctly. So I will try to make it clearer : which gid should I change then ? The one from the unix group or the one of the samba group ? Are there rules to do so (I mean reserved numbers, limits for the gid, things like this) ? - sambaLMPassword sambaNTPassword do not hold the password in ascii, both must contain password hashes I hope you were joking. I said I obfuscated what had no point with the question, and password hashes were replaced with PLOP in my previous mail ;-) Go back, and take some time to read the docs That's what I keep doing, anyway. Thanks for your answer and have a nice day. -- Gruss Harry Jede -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Something weird about pdbedit.
Am Mittwoch, 11. März 2009 15:38 schrieb BOURIAUD: On Wednesday 11 March 2009 14:51:25 Harry Jede wrote: Hello ! First of all, thanks for your answer, even if it doesn't help much. First things first: Read the f... manual That's what I did, after I made my mistake. - you should not have 2 groups with the same gidNumber Forgive me if my question was not asked correctly. So I will try to make it clearer : which gid should I change then ? The one from the unix group or the one of the samba group ? Are there rules to do so (I mean reserved numbers, limits for the gid, things like this) ? You can only have ONE group with ONE gidNumber. BAD SETUP begin: dn: cn=cdti,ou=Group,BASEDN objectClass: posixGroup objectClass: top cn: cdti userPassword: {crypt}x gidNumber: 666 Here is how the samba group is defined : dn: cn=CDTI,ou=Groups,BASEDN objectClass: top objectClass: posixGroup objectClass: sambaGroupMapping cn: CDTI description:: Q2VudHJlIGTDqXBhcnRlbWVudGFsIGRlIHRyYWl0ZW1lbnQgZGUgbCdpbmZvcm 1hdGlvbg== sambaGroupType: 2 memberUid: david gidNumber: 666 sambaSID: S-1-5-21-215069222-2822928016-2390355089-666 BAD SETUP end: Combine these in a way, that you have only one group with the name cdti. for example: delete cn=cdti,ou=Group,BASEDN and it may be fine. You should not have different groups with the same name, even if one is in uppercase and the other in lowercase letters. You should not have identical names in your LDAP database across the following fields: cn, uid and displayName for more then one record. Example: dn: uid=john,ou=... uid=john displayname=john That is OK ## dn: uid=john,ou=A,ou... uid=john displayname=john dn: uid=john,ou=B,ou=... uid=johnB displayname=john That's bad. ## dn: uid=john,ou=A,ou... uid=john displayname=john dn: cn=john,ou=groups,ou... cn=john That's also bad. - sambaLMPassword sambaNTPassword do not hold the password in ascii, both must contain password hashes I hope you were joking. I said I obfuscated what had no point with the question, and password hashes were replaced with PLOP in my previous mail ;-) Sorry, I do not now PLOP. Go back, and take some time to read the docs That's what I keep doing, anyway. Thanks for your answer and have a nice day. -- Gruss Harry Jede -- Gruss Harry Jede -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Something weird about pdbedit.
Hi ! I'm running a samba domain controler under rhel 5. It's version 3.0.33-3.7.el5. I've also installed a ldap server to store users and groups and so on. When I try a pdbedit -v david, I get the following : Unix username:david NT username: david Account Flags:[U ] User SID: S-1-5-21-215069222-2822928016-2390355089-1016 Finding user david Trying _Get_Pwnam(), username as lowercase is david Get_Pwnam_internals did find user [david]! smbldap_search_ext: base = [ou=Groups,ou=ia27,dc=ac-rouen,dc=fr], filter = [((objectClass=sambaGroupMapping)(gidNumber=666))], scope = [2] init_group_from_ldap: Entry found for group: 666 lookup_global_sam_rid: looking up RID 666. smbldap_search_ext: base = [ou=ia27,dc=ac-rouen,dc=fr], filter = [((sambaSID=S-1-5-21-215069222-2822928016-2390355089-666) (objectclass=sambaSamAccount))], scope = [2] ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-215069222-2822928016-2390355089-666] count=0 smbldap_search_ext: base = [ou=Groups,ou=ia27,dc=ac-rouen,dc=fr], filter = [((objectClass=sambaGroupMapping) (sambaSID=S-1-5-21-215069222-2822928016-2390355089-666))], scope = [2] init_group_from_ldap: Entry found for group: 666 lookup_rids: CDTI:2 Primary Group SID:S-1-5-21-215069222-2822928016-2390355089-666 Full Name:david The weird thing is ldapsam_getsampwsid: Unable to locate SID I think I made a mistake when creating both unix groups and samba groups. Here is how the unix group is defined : dn: cn=cdti,ou=Group,BASEDN objectClass: posixGroup objectClass: top cn: cdti userPassword: {crypt}x gidNumber: 666 Here is how the samba group is defined : dn: cn=CDTI,ou=Groups,BASEDN objectClass: top objectClass: posixGroup objectClass: sambaGroupMapping cn: CDTI description:: Q2VudHJlIGTDqXBhcnRlbWVudGFsIGRlIHRyYWl0ZW1lbnQgZGUgbCdpbmZvcm 1hdGlvbg== sambaGroupType: 2 memberUid: david gidNumber: 666 sambaSID: S-1-5-21-215069222-2822928016-2390355089-666 And here is what the user's definition : dn: uid=david,ou=SambaUsers,BASEDN objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: posixAccount objectClass: shadowAccount objectClass: sambaSamAccount cn: david sn: david givenName: david uid: david uidNumber: 1016 homeDirectory: /smbhome/users/david/samba loginShell: /bin/bash gecos: System User sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 0 sambaPwdMustChange: 2147483647 displayName: david sambaLogonScript: logon.bat sambaProfilePath: \\DOMAIN_SERVER\profiles\david sambaHomePath: \\DOMAIN_SERVER\david sambaHomeDrive: P: sambaLMPassword: PLOP sambaNTPassword: PLOP sambaPasswordHistory: 00 00 sambaPwdLastSet: 1228486572 userPassword: {SSHA}PLOP sambaAcctFlags: [U ] sambaSID: S-1-5-21-215069222-2822928016-2390355089-1016 gidNumber: 666 sambaPrimaryGroupSID: S-1-5-21-215069222-2822928016-2390355089-666 Of course, I've obfuscated what I found that has not point with my problem ! I think that the problem comes from the groups, both the unix one and the samba one, but I don't know how to fix it. If anyone could tell me what I could to to correct this, that would be great ! I hope I've given enough informations, but if you think I should give more, fell free to ask. I'd really like to get rid of this anoying message. Thanks in advance ! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba