
[Samba] Failed to find a Unix account


gandalf istari

Nov 28, 2013, 4:10:02 AM
Hi all,

I have been looking at this problem for days now, but I can't find the solution.
I have tried several solutions/setup like:
https://lists.samba.org/archive/samba/2011-May/162571.html

I have a working ldap server for my mail-server and want to extend this to
a samba server also.

When a user connects (without success), I see this error in the logs:

Nov 28 09:24:44 app-04 smbd[11865]: [2013/11/28 09:24:44.700295, 0]
passdb/lookup_sid.c:1684(get_primary_group_sid)

Nov 28 09:24:44 app-04 smbd[11865]: Failed to find a Unix account for
testcheck_sam_security: make_server_info_sam() failed with
'NT_STATUS_NO_SUCH_USER'


Running getent passwd shows me all the LDAP users.

Running pdbedit -L -v:

Unix username: test
NT username: test
Account Flags: [U ]
User SID: S-1-5-21-3736572231-1434995096-3231833993-3012
Primary Group SID: S-1-5-21-3736572231-1434995096-3231833993-513
....


I have populated the LDAP directory through smbldap-populate.

smbldap-usershow test also gives the right information.

[root@xxx samba]# id test
uid=1006(test) gid=503(samba) groups=503(samba),513(Domain Users)


Help would be more than welcome.

Harry Jede

Nov 28, 2013, 1:00:02 PM
On 16:36:16 wrote gandalf istari:
This comes from the smbldap-tools :-( A primary group SID is set for each
user, and this is mostly wrong.

# id hjede
uid=1069(hjede) gid=1001(teachers) Gruppen=1001(teachers)

My primary Unix group is teachers.

# pdbedit -L -v hjede |egrep 'Unix username|NT username|Primary Group SID'
Unix username: hjede
NT username: hjede
Primary Group SID: <domainsid>-3003

In the Windows/Samba world my primary group is <domainsid>-3003. And this is
mapped to my gidNumber 1001 in OpenLDAP.

# ldapsearch -xLLL cn=teachers gidnumber sambasid
dn: cn=teachers,ou=groups,dc=europaschule,dc=do,dc=nw,dc=schule,dc=de
gidNumber: 1001
sambaSID: <domainsid>-3003

gidNumber in OpenLDAP is the gid in Unix.


And you have another "failure" in your group mapping:

513(Domain Users) in your test account is a secondary group, but in the
Windows/Samba world it's a primary group. Primary groups should have no
members at all.

--

Regards
Harry Jede
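
An added example (not part of either post, and not Samba or smbldap-tools code): a Python check that compares the three views used in the reply above, `pdbedit -L -v`, `id` and an `ldapsearch` of the group entries, and reports when the Primary Group SID does not map to the user's Unix primary gid. The group LDIF, the `dc=example,dc=com` suffix and the RID of the samba group are constructed, and the function names are hypothetical.

```python
import re

def parse_ldif_groups(ldif):
    """Map sambaSID -> (cn, gidNumber) from `ldapsearch -LLL` style output."""
    groups = {}
    for entry in ldif.strip().split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in entry.splitlines() if ": " in l)
        if "sambaSID" in attrs and "gidNumber" in attrs:
            groups[attrs["sambaSID"]] = (attrs.get("cn", "?"), int(attrs["gidNumber"]))
    return groups

def parse_id(id_line):
    """Return (primary gid, set of all gids) from one line of `id` output."""
    primary = int(re.search(r"\bgid=(\d+)", id_line).group(1))
    # The last field lists every group; its label is localized ("groups", "Gruppen").
    members = re.findall(r"(\d+)\(", id_line.rsplit("=", 1)[1])
    return primary, {int(g) for g in members}

def check_primary_group(pdbedit_out, id_line, ldif):
    """Return a list of findings; an empty list means both views agree."""
    sid = re.search(r"^Primary Group SID:\s*(\S+)", pdbedit_out, re.M).group(1)
    unix_gid, all_gids = parse_id(id_line)
    groups = parse_ldif_groups(ldif)
    if sid not in groups:
        return [f"no LDAP group entry has sambaSID {sid}"]
    cn, gid = groups[sid]
    if gid == unix_gid:
        return []
    where = "only a secondary Unix group" if gid in all_gids else "not a Unix group of the user"
    return [f"Primary Group SID {sid} maps to {cn} (gid {gid}), {where}; "
            f"Unix primary gid is {unix_gid}"]

# Sample input: the SIDs and the `id` line are from the first post; the LDIF
# entries (suffix, samba group RID) are constructed for illustration.
DOMAIN = "S-1-5-21-3736572231-1434995096-3231833993"
PDBEDIT = f"Unix username: test\nNT username: test\nPrimary Group SID: {DOMAIN}-513\n"
ID_LINE = "uid=1006(test) gid=503(samba) groups=503(samba),513(Domain Users)"
LDIF = f"""dn: cn=Domain Users,ou=groups,dc=example,dc=com
cn: Domain Users
gidNumber: 513
sambaSID: {DOMAIN}-513

dn: cn=samba,ou=groups,dc=example,dc=com
cn: samba
gidNumber: 503
sambaSID: {DOMAIN}-3007
"""

if __name__ == "__main__":
    for finding in check_primary_group(PDBEDIT, ID_LINE, LDIF):
        print(finding)
```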