
[Samba] A device attached to the system is not functioning


Alan Holt

Jul 2, 2012, 10:50:02 AM
Dear all,
I have searched the Internet a lot, but still have not found a
solution for my problem.
I have SAMBA and a domain with LDAP; everything was fine until today.

As usual, I created a new user in the domain and tried to log in to my
domain on Windows 7 and Windows XP machines.
Then I got this error:

"A device attached to the system is not functioning"
I checked SAMBA logs and found this:

==> /var/log/samba/xp-8a995003b537.log <==
[2012/07/02 17:38:28.626582, 1]
rpc_server/srv_pipe_hnd.c:1602(serverinfo_to_SamInfo_base)
_netr_LogonSamLogon: user MYDOMAINE.COM\alex has user sid
S-1-5-21-2139989288-483860436-2398042574-3228
but group sid S-1-5-21-3745118107-2241246581-749181168-513-513.
The conflicting domain portions are not supported for NETLOGON calls

I guess it happens because of some problem with the SID. I checked the SID for
user alex:

# pdbedit -L -v alex
User SID: S-1-5-21-2139989288-483860436-2398042574-3228
Primary Group SID: S-1-5-21-3745118107-2241246581-*749181168-513*-513
Domain: MYDOMAIN.COM

I also checked the SID for my domain:
# net getlocalsid MYDOMAIN .COM
SID for domain MYDOMAIN .COM is: S-1-5-21-3745118107-2241246581-*749181168-513*

So could you please help me solve this issue?
Thanks.


--
*בברכה, *
*אלכס ברבר*
*+9 72 54 285 952 3
*
*www.linuxspace.org* <http://www.linuxspace.org>
*--*
*Best regards.*
*Alex Berber*
*+9 72 54 285 952 3*
*www.linuxspace.org* <http://www.linuxspace.org/>

John Drescher

Jul 2, 2012, 11:00:01 AM
I do not believe windows likes samba3 / windows nt domains having a
"." in the domain name

John

John Drescher

Jul 2, 2012, 11:10:01 AM
On Mon, Jul 2, 2012 at 11:01 AM, Alan Holt <berb...@gmail.com> wrote:
> What does it mean?
> This is name of my domain:
>
> # vi /etc/smbldap-tools/smbldap.conf
> ....
> suffix="dc=mydomaine,dc=com"
> ....

I am talking about the workgroup setting in smb.conf

This should not contain a "."

Alan Holt

Jul 2, 2012, 11:10:01 AM
What does it mean?
This is name of my domain:

# vi /etc/smbldap-tools/smbldap.conf
....
suffix="dc=mydomaine,dc=com"
....


Alan Holt

Jul 2, 2012, 11:20:02 AM
This is not the problem right now.
Something is wrong with the SID ...
but what..

please any suggestions ..

Also for users that already were created I see in logs this error:

_netr_LogonSamLogon: user MYDOMAINE.COM\elad has user sid
S-1-5-21-2139989288-483860436-2398042574-3070
but group sid S-1-5-21-3745118107-2241246581-749181168-513-513.
*The conflicting domain portions are not supported for NETLOGON calls*

And also I can get into samba with new user alex:

# smbclient -L localhost -U alex
Enter zvika's password:
Domain=[MYDOMAINE.COM] OS=[Unix] Server=[Samba 3.5.11-79.fc14]


On Mon, Jul 2, 2012 at 6:06 PM, John Drescher <dresc...@gmail.com> wrote:

> On Mon, Jul 2, 2012 at 11:01 AM, Alan Holt <berb...@gmail.com> wrote:
> > What does it mean?
> > This is name of my domain:
> >
> > # vi /etc/smbldap-tools/smbldap.conf
> > ....
> > suffix="dc=mydomaine,dc=com"
> > ....
>
> I am talking about the workgroup setting in smb.conf
>
> This should not contain a "."
>
> John
>


Alan Holt

Jul 2, 2012, 11:20:02 AM
Also, this is SID of groups in domain:

# net groupmap list
Domain Admins (S-1-5-21-2139989288-483860436-2398042574-512) -> Domain
Admins
Domain Users (S-1-5-21-2139989288-483860436-2398042574-513) -> Domain Users
Domain Guests (S-1-5-21-2139989288-483860436-2398042574-514) -> Domain
Guests
Domain Computers (S-1-5-21-2139989288-483860436-2398042574-515) -> Domain
Computers
Administrators (S-1-5-32-544) -> Administrators

and this is SID of my user:
# pdbedit -Lv alexander
User SID: S-1-5-21-2139989288-483860436-2398042574-3186
Primary Group SID: S-1-5-21-3745118107-2241246581-749181168-513-513

They are completely different ....

Lukasz Zalewski

Jul 2, 2012, 12:40:01 PM
On 02/07/12 16:15, Alan Holt wrote:
> Also, this is SID of groups in domain:
>
> # net groupmap list
> Domain Admins (S-1-5-21-2139989288-483860436-2398042574-512) -> Domain
> Admins
> Domain Users (S-1-5-21-2139989288-483860436-2398042574-513) -> Domain Users
> Domain Guests (S-1-5-21-2139989288-483860436-2398042574-514) -> Domain
> Guests
> Domain Computers (S-1-5-21-2139989288-483860436-2398042574-515) -> Domain
> Computers
> Administrators (S-1-5-32-544) -> Administrators
>
> and this is SID of my user:
> # pdbedit -Lv alexander
> User SID: S-1-5-21-2139989288-483860436-2398042574-3186
> Primary Group SID: S-1-5-21-3745118107-2241246581-749181168-513-513
>
> They are completely different ....
>

Hi Alan,
I do not know how you came about this setup, but from a quick glance the
sid defined in alexander's Primary Group SID is incorrect:
Domain Users' sid is defined by
SID: S-1-5-21domain-513 (from http://support.microsoft.com/kb/243330)
So it seems to me that:
1) you have additional -513 appended at the end
2) Your domain portion of the sid for Primary Group SID is different to
the one used in the User SID and to the ones listed by net groupmap admins
So shouldn't alexander's Primary Group SID be
S-1-5-21-2139989288-483860436-2398042574-513?

HTH

L
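
The two checks described in the reply above (exactly one RID after the domain portion, and the same domain portion in the User SID and the Primary Group SID), as an added Python example that is not part of the original thread. The sample input is constructed from the command output quoted in this thread; the function names, and the assumption that a domain SID is `S-1-5-21` followed by exactly three sub-authorities, are the example's own.

```python
import re

# Constructed sample: values copied from the pdbedit / net output quoted in this thread.
SAMPLE = """\
User SID: S-1-5-21-2139989288-483860436-2398042574-3186
Primary Group SID: S-1-5-21-3745118107-2241246581-749181168-513-513
SID for domain MYDOMAIN.COM is: S-1-5-21-3745118107-2241246581-749181168-513
"""

LINE_RE = re.compile(
    r"^(User SID|Primary Group SID|SID for domain .*? is):\s*(S-1-5-21(?:-\d+)+)\s*$",
    re.M,
)

def parse(text):
    """Collect the labelled SIDs from pdbedit -Lv / net getlocalsid style output."""
    sids = {}
    for label, sid in LINE_RE.findall(text):
        sids["domain" if label.startswith("SID for domain") else label] = sid
    return sids

def split_sid(sid):
    """Return (domain_sid, trailing) for an S-1-5-21-... SID.

    Assumption: the domain portion is S-1-5-21 plus exactly three sub-authorities;
    whatever follows is the RID (and anything appended after it)."""
    parts = sid.split("-")
    if parts[:4] != ["S", "1", "5", "21"] or len(parts) < 7:
        raise ValueError(f"not a domain-relative SID: {sid}")
    return "-".join(parts[:7]), [int(p) for p in parts[7:]]

def audit(sids):
    """List the inconsistencies that make the NETLOGON call fail."""
    findings = []
    u_dom, u_rest = split_sid(sids["User SID"])
    g_dom, g_rest = split_sid(sids["Primary Group SID"])
    for name, rest in (("User SID", u_rest), ("Primary Group SID", g_rest)):
        if len(rest) != 1:
            findings.append(f"{name}: expected one RID after the domain, got {rest}")
    if u_dom != g_dom:
        findings.append(f"domain mismatch: user {u_dom} vs group {g_dom}")
    if "domain" in sids and split_sid(sids["domain"])[1]:
        findings.append(f"local domain SID has trailing components {split_sid(sids['domain'])[1]}")
    return findings

if __name__ == "__main__":
    for finding in audit(parse(SAMPLE)):
        print(finding)
```
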

Alan Holt

Jul 3, 2012, 6:00:02 AM
Yep, it is some extra *-513* in the end,
also I can not understand

# net groupmap list


Domain Users (S-1-5-21-2139989288-483860436-2398042574-513) -> Domain Users

User SID: S-1-5-21-2139989288-483860436-2398042574-3152
is okay too.

Primary Group SID: S-1-5-21-3745118107-2241246581-749181168-513*-513*

is good too,
# net getlocalsid MYDOMAIN.COM


SID for domain MYDOMAIN .COM is:

S-1-5-21-3745118107-2241246581-749181168-513

I guess problem is in file passdb.tdb

but I really don't know what to do with this ...

> Hi Alan,
> I do not know how you came about this setup, but from a quick glance the
> sid defined in alexander's Primary Group SID is incorrect:
> Domain Users' sid is defined by

> SID: S-1-5-21domain-513 (from http://support.microsoft.com/kb/243330)
> So it seems to me that:
> 1) you have additional -513 appended at the end
> 2) Your domain portion of the sid for Primary Group SID is different to
> the one used in the User SID and to the ones listed by net groupmap admins
> So shouldn't alexander's Primary Group SID be
> S-1-5-21-2139989288-483860436-2398042574-513?
>
> HTH
>
> L
>


Alan Holt

Jul 3, 2012, 6:50:02 AM
I did change SID for *user* alexander on the same SID that his *group* has:

Domain Users (S-1-5-21-2139989288-483860436-2398042574-513) -> Domain Users

<---HIS GROUP

# smbldap-usershow alexander
....
sambaSID: S-1-5-21-3745118107-2241246581-749181168-513
....

but this extra -513 still here ...


==> /var/log/samba/xp-8a995003b537.log <==
[2012/07/03 13:31:57.108776, 1]
rpc_server/srv_pipe_hnd.c:1602(serverinfo_to_SamInfo_base)
_netr_LogonSamLogon: user CALLMYNAME.COM\zvika has user sid *
S-1-5-21-3745118107-2241246581-749181168-513*
but group sid *S-1-5-21-3745118107-2241246581-749181168-513-513*.


The conflicting domain portions are not supported for NETLOGON calls

Alan Holt

Jul 3, 2012, 7:20:02 AM
I just noticed, when I am trying to connect with a Windows computer to the
domain, I see the following in the log:


[2012/07/03 14:06:26.341978, 1]
rpc_server/srv_pipe_hnd.c:1602(serverinfo_to_SamInfo_base)
_netr_LogonSamLogon: user MYDOMAINE.COM\ronib has user sid
S-1-5-21-2139989288-483860436-2398042574-3222
but group sid S-1-5-21-3745118107-2241246581-749181168-513-513.

But:

Domain Admins (S-1-5-21-2139989288-483860436-2398042574-512) -> Domain
Admins

Domain Users (S-1-5-21-2139989288-483860436-2398042574-513) -> Domain Users

Domain Guests (S-1-5-21-2139989288-483860436-2398042574-514) -> Domain
Guests
Domain Computers (S-1-5-21-2139989288-483860436-2398042574-515) -> Domain
Computers
Administrators (S-1-5-32-544) -> Administrators

Account Operators (S-1-5-32-548) -> Account Operators
Print Operators (S-1-5-32-550) -> Print Operators
Backup Operators (S-1-5-32-551) -> Backup Operators
Replicators (S-1-5-32-552) -> Replicators
Board Members (S-1-5-32-600) -> Board
Management Members (S-1-5-32-601) -> Management
qa (S-1-5-21-2139989288-483860436-2398042574-3001) -> qa
na (S-1-5-21-2139989288-483860436-2398042574-3007) -> na


So question is, wtf is but group sid
S-1-5-21-3745118107-2241246581-749181168-513-513 this ???

I do not see any group like this in my domain, user ronib is in group
Domain Users and this group looks like this:


Domain Users (S-1-5-21-2139989288-483860436-2398042574-513) -> Domain Users

From where this sid S-1-5-21-3745118107-2241246581-749181168-513-513
????????

Alan Holt

Jul 3, 2012, 7:30:02 AM
And once again I did find from where this sid, it is from my domain:

[root@server smbldap-tools]# net getlocalsid MYDOMAIN.COM


SID for domain MYDOMAIN.COM is:
S-1-5-21-3745118107-2241246581-749181168-513

So like I told before, I did change SID for user alexander:
[2012/07/03 14:15:11.730721, 1]
rpc_server/srv_pipe_hnd.c:1602(serverinfo_to_SamInfo_base)


_netr_LogonSamLogon: user CALLMYNAME.COM\zvika has user sid

S-1-5-21-3745118107-2241246581-749181168-513
but group sid S-1-5-21-3745118107-2241246581-749181168-513*-513*.


The conflicting domain portions are not supported for NETLOGON calls

And now his SID is ok, SID of group is ok too, but -513 is extra and I
don't see this in Apache Directory Studio, also I don't see it in console
on server (((
