
[Samba] Users SID problem


shacky

May 6, 2008, 3:50:08 AM
Hi.

I realized that I have a problem with the users SID.
They are different from the SID of the domain.
Let's see the output of these commands:

server:/home/utenti/user# net getlocalsid
SID for domain SERVER is: S-1-5-21-1375271547-2371556575-3111006354

server:/home/utenti/user# pdbedit -Lv test
Unix username: test
NT username:
Account Flags: [U ]
User SID: S-1-5-21-73733321-1646160496-1160744844-3004
Primary Group SID: S-1-5-21-73733321-1646160496-1160744844-513
Full Name: Test
Home Directory:
HomeDir Drive:
Logon Script: test.bat
Profile Path:
Domain: MYDOMAIN
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: 9223372036854775807 seconds since the Epoch
Kickoff time: 9223372036854775807 seconds since the Epoch
Password last set: lun, 05 mag 2008 10:44:20 CEST
Password can change: lun, 05 mag 2008 10:44:20 CEST
Password must change: 9223372036854775807 seconds since the Epoch
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

Please note that the User SID and the Primary Group SID don't contain
the SID of the domain; they are completely different.
It is the same for all users.
Is it normal or is it a problem?
I cannot log on to the domain from the Windows clients.
How can I solve this problem, and how can I make the change definitive
for all new users too?

Thank you very much!
Ciao.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
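
An added example (not part of the original posts): a POSIX shell check that compares every account's User SID and Primary Group SID against the SID reported by `net getlocalsid`, run here on sample text built from the output quoted above. The function names and the second account `ok` are constructed for illustration.

```sh
#!/bin/sh
# Added example: list passdb accounts whose SIDs were not issued under
# the server's current SID. All sample text is constructed from the
# command output quoted in the post above.

# local_sid_from: extract the SID from `net getlocalsid` output on stdin
local_sid_from() {
    sed -n 's/^SID for domain .* is: \(S-[0-9-]*\)$/\1/p'
}

# mismatched_users LOCAL_SID: read `pdbedit -Lv` output on stdin and print
# "username user|group SID" for every SID whose domain part is not LOCAL_SID
mismatched_users() {
    awk -v want="$1" '
        /^Unix username:/ { user = $3 }
        /^User SID:/ || /^Primary Group SID:/ {
            sid = $NF
            dom = sid
            sub(/-[0-9]+$/, "", dom)      # drop the trailing RID
            if (dom != want) {
                field = ($1 == "User") ? "user" : "group"
                print user, field, sid
            }
        }'
}

# Constructed sample input (first account is the one from the post,
# the account "ok" is hypothetical and uses the server SID)
sample_localsid() { cat <<'EOF'
SID for domain SERVER is: S-1-5-21-1375271547-2371556575-3111006354
EOF
}
sample_pdbedit() { cat <<'EOF'
Unix username: test
User SID: S-1-5-21-73733321-1646160496-1160744844-3004
Primary Group SID: S-1-5-21-73733321-1646160496-1160744844-513
Unix username: ok
User SID: S-1-5-21-1375271547-2371556575-3111006354-3006
Primary Group SID: S-1-5-21-1375271547-2371556575-3111006354-513
EOF
}

sid=$(sample_localsid | local_sid_from)
sample_pdbedit | mismatched_users "$sid"
```

On a live server the same functions take the output of `net getlocalsid` and `pdbedit -Lv` in place of the sample functions.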

Linux Addict

May 6, 2008, 5:40:14 PM
It's okay not to have domain's SID. This is not the reason you are not
able to login.

What is the output of

1. wbinfo -t
2. wbinfo -g
3. testparm
4. net ads info
5. kinit <AD username>

shacky

May 6, 2008, 6:30:13 PM
2008/5/6 Linux Addict <linuxa...@gmail.com>:

> It's okay not to have domain's SID. This is not the reason you are not
> able to login.

Oh, ok, thank you!

> What is the output of

> 1.wbinfo -t
server-x:~# wbinfo -t
checking the trust secret via RPC calls failed
error code was NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc00000da)
Could not check secret

> 2.wbinfo -g
server-x:~# wbinfo -g
Error looking up domain groups

> 3.testparm
server-x:~# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[homedir]"
Processing section "[netlogon]"
Processing section "[profiles]"
Processing section "[amministrazione]"
Unknown parameter encountered: "force create mask"
Ignoring unknown parameter "force create mask"
Unknown parameter encountered: "force directory mask"
Ignoring unknown parameter "force directory mask"
Processing section "[data]"
Unknown parameter encountered: "force create mask"
Ignoring unknown parameter "force create mask"
Processing section "[commerciale]"
Unknown parameter encountered: "force create mask"
Ignoring unknown parameter "force create mask"
Unknown parameter encountered: "force directory mask"
Ignoring unknown parameter "force directory mask"
Processing section "[rassegna]"
Unknown parameter encountered: "force create mask"
Ignoring unknown parameter "force create mask"
Unknown parameter encountered: "force directory mask"
Ignoring unknown parameter "force directory mask"
Processing section "[admin]"
Loaded services file OK.
WARNING: You have some share names that are longer than 12 characters.
These may not be accessible to some older clients.
(Eg. Windows9x, WindowsMe, and smbclient prior to Samba 3.0.)
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

> 4.net ads info
server-x:~# net ads info
Didn't find the ldap server!

This is the [global] section of my /etc/samba/smb.conf:

[global]
netbios name = server-x
workgroup = EG
server string = Server Samba %v
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192
domain master = yes
security = user
domain logons = yes
hosts allow = 127.0.0.1 192.168.33.0/255.255.255.0 192.168.0. 192.168.3. 192.168.4. 192.168.6.
interfaces = eth0 lo
bind interfaces only = yes
encrypt passwords = yes
username map = /etc/samba/smbusers
map to guest = Bad User
add machine script = /usr/local/sbin/smb-aggiungimacchina.sh %u
os level = 99
preferred master = yes
local master = yes
wins support = yes
domain logons = yes
logon script = %U.bat
log file = /var/log/samba/%m.log
log level = 3
syslog = 0
max log size = 10000
logon drive =
logon home =
logon path =

Thank you very much for your help!
Bye.

Linux Addict

May 8, 2008, 2:30:18 PM
1. Fix your smb.conf. It seems to be having issues as it shows errors.
testparm again and it shouldn't return any errors. Use SWAT if you can't
get the syntax right.

2. Join to the domain again and restart smb and winbind.

3. wbinfo -t, wbinfo -g, wbinfo -u should return successful results now.

Let me know how it goes..

Cheers..
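
An added example (not part of the original posts): a POSIX shell gate for step 1 that reads testparm output and reports which share section each ignored parameter sits in, run here on sample text built from the testparm output quoted earlier in the thread. The function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: turn testparm's "Unknown parameter" warnings into a
# per-section report and a pass/fail result. Sample text is constructed
# from the testparm output quoted in this thread.

# unknown_params: read testparm output on stdin, print "section<TAB>parameter"
unknown_params() {
    awk '
        /^Processing section/ { sec = $3; gsub(/"/, "", sec) }
        /^Unknown parameter encountered:/ {
            p = $0
            sub(/^[^"]*"/, "", p)     # drop everything up to the opening quote
            sub(/"$/, "", p)          # drop the closing quote
            print sec "\t" p
        }'
}

# config_is_clean: succeed only if testparm output on stdin has no unknown parameters
config_is_clean() {
    [ -z "$(unknown_params)" ]
}

# Constructed sample input, shortened from the output in the thread
sample_testparm() { cat <<'EOF'
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[amministrazione]"
Unknown parameter encountered: "force create mask"
Ignoring unknown parameter "force create mask"
Unknown parameter encountered: "force directory mask"
Ignoring unknown parameter "force directory mask"
Processing section "[data]"
Unknown parameter encountered: "force create mask"
Ignoring unknown parameter "force create mask"
Loaded services file OK.
EOF
}

sample_testparm | unknown_params
sample_testparm | config_is_clean || echo "smb.conf contains ignored parameters"
```

On a live server the input is `testparm -s 2>&1`. smb.conf(5) documents `create mask`, `directory mask`, `force create mode` and `force directory mode`; a line testparm ignores applies no permission setting to the share at all.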

shacky

May 9, 2008, 6:10:10 AM
2008/5/8 Linux Addict <linuxa...@gmail.com>:

> 1. Fix your smb.conf. It seems to be having issues as it shows errors.
> testparm again and it shouldn't return any errors. Use SWAT if you can't
> get the syntax right.
> 2. Join to the domain again and restart smb and winbind.
> 3. wbinfo -t, wbinfo -g, wbinfo -u should return successful results now.
> Let me know how it goes..

Thank you very much, I will try tomorrow.
But remember that my problem is that I cannot join to the domain from
the Windows clients, not from the Linux ones.

Wes Modes

May 12, 2008, 3:20:07 PM
Don't these tests make some presumptions? For instance, Shacky didn't
say that he was attempting to join an active directory domain. In fact,
he has security=User, security=ADS.

I'd like to understand the problem he is having, because I am having the
same one. However, I don't want to be distracted if ADS is a red herring.

Wes

--

Wes Modes
Server Administrator & Programmer Analyst
McHenry Library
Computing & Network Services
Information and Technology Services
459-5208
