
[Samba] net rpc user add produces duplicate SID


Sebastian Scholz

Dec 23, 2009, 4:40:03 AM
Hi list,

The task is to move an old samba installation (ubuntu with samba 3.0 branch) to
a new debian installation with samba 3.3.9. Both setups work as PDCs and have an
ldap backend which I try to move from one setup to the next.

In this new setup I tried to set ldapsam:editposix = yes. Therefore I also installed
winbind.

I moved the domain SID and the local SID to the new pdc and filled the ldap
directory with all users and machines from the old machine. I can access the smb
via smbclient, id user works and getent passwd, etc.

BUT when I try to add a new user with
# net rpc user add newusername
the user gets a SID which is already used by a machine account. The command
responds with "Faild to add user 'newusername' with: No such user."
# pdbedit -L
reports this user and this machine account with ldapsam_getsampwsid: More than
one user with SID [S-1-5-21....]. Failing. count=2. Deleting the user via
# net rpc user delete newusername
works.

I know how to increase the used uid but I don't know how to let winbind use the next
free RID.

Extracts from my smb.conf:
passdb backend = ldapsam
ldap suffix is set
ldap admin dn is set
ldap user/group/machine/idmap suffix are set
ldapsam:trusted = yes
ldapsam:editposix = yes
idmap uid = 10000 - 20000
idmap gid = 10000 - 20000


Hope anyone can help, and Merry Christmas to the list.
Sebastian

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

Sebastian Scholz

Jan 21, 2010, 8:30:02 AM
Sebastian Scholz <gsscholz <at> gmail.com> writes:

>
> I moved the domain SID and the local SID to the new pdc and filled the ldap
> directory with all users and machines from the old machine. I can access the
> smb via smbclient, id user works and getent passwd, etc.
>
> BUT when I try to add a new user with
> # net rpc user add newusername
> the user gets a SID which is already used by a machine account. The command
> responds with "Faild to add user 'newusername' with: No such user."
> # pdbedit -L
> reports this user and this machine account with ldapsam_getsampwsid: More
> than one user with SID [S-1-5-21....]. Failing. count=2. Deleting the user
> with
> # net rpc user delete newusername
> works.
>

Hi list,

the same actually happens when I add a new machine to the domain with
net dom join

Can I change the SID/RID somehow after adding a new account, or is there a
way to tell net to start from a different RID?

Thanks

Sebastian Scholz

Jan 21, 2010, 9:30:02 AM
Sebastian Scholz <gsscholz <at> gmail.com> writes:

>
> Sebastian Scholz <gsscholz <at> gmail.com> writes:
>
> >
>
> > I moved the domain SID and the local SID to the new pdc and filled the ldap
> > directory with all users and machines from the old machine. I can access
> > the smb via smbclient, id user works and getent passwd, etc.
> >
> > BUT when I try to add a new user with
> > # net rpc user add newusername
> > the user gets a SID which is already used by a machine account. The command
> > responds with "Faild to add user 'newusername' with: No such user."
> > # pdbedit -L
> > reports this user and this machine account with ldapsam_getsampwsid: More
> > than one user with SID [S-1-5-21....]. Failing. count=2. Deleting the user
> > with
> > # net rpc user delete newusername
> > works.
> >
>
> Hi List
>
> the same actually happens when I add a new machine to the domain with
> net dom join
>
> Can I change the SID/RID somehow after adding a new account or is there a
> way to tell net to start from a different RID?
>
> Thanks
> Sebastian
>

Me again,

I hot fixed the problem for me by adding and deleting a dummy user a couple of
times:

# for i in `seq 0 50`; do
>     net rpc user add username -U root%geheim
>     net rpc user delete username -U root%geheim
> done

but I still guess this is a bug in the net command.

Regards
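Before resorting to the add/delete loop above, it is worth seeing the state that produces the "More than one user with SID" error. The script below is an added example, not something posted in this thread or shipped with Samba: it reads an LDIF dump of the Samba LDAP backend (such as `ldapsearch -LLL` would print) and reports account SIDs that occur more than once, the highest RID already in use, and the `sambaNextRid` counter stored on the `sambaDomain` object. The attribute names `sambaSID` and `sambaNextRid` are from the Samba LDAP schema; the domain SID, DNs, RIDs and counter value in the embedded sample are constructed, and the sample deliberately contains the collision the first post describes (a new user sharing a RID with a machine account).

```shell
#!/bin/sh
# Added example: check sambaSID uniqueness and the RID allocation counter in an
# LDIF dump of a Samba ldapsam backend. Not from the thread; all values below
# are constructed.

# Constructed sample in the shape of:
#   ldapsearch -LLL -x -D "$ADMIN_DN" -W -b "$SUFFIX" \
#     '(|(objectClass=sambaDomain)(objectClass=sambaSamAccount))' sambaSID sambaNextRid
# The domain SID S-1-5-21-1111-2222-3333 is hypothetical. The machine account
# pc01$ and the freshly added user both carry RID 1004, while the domain
# object's counter (1002) lags behind the RIDs that were migrated in.
SAMPLE_LDIF='dn: sambaDomainName=EXAMPLE,dc=example,dc=org
sambaSID: S-1-5-21-1111-2222-3333
sambaNextRid: 1002

dn: uid=alice,ou=Users,dc=example,dc=org
sambaSID: S-1-5-21-1111-2222-3333-1000

dn: uid=pc01$,ou=Machines,dc=example,dc=org
sambaSID: S-1-5-21-1111-2222-3333-1004

dn: uid=newusername,ou=Users,dc=example,dc=org
sambaSID: S-1-5-21-1111-2222-3333-1004
'

# Print every account SID that occurs more than once in the LDIF on stdin.
# Samba domain SIDs have the form S-1-5-21-a-b-c (7 dash-separated fields);
# account SIDs append a RID, so NF == 8 keeps accounts and drops the domain
# object itself. Empty output means no clash.
duplicate_sids() {
    awk '$1 == "sambaSID:" { print $2 }' | awk -F'-' 'NF == 8' | sort | uniq -d
}

# Highest RID (last SID component) among account entries; 0 if there are none.
highest_rid() {
    awk '$1 == "sambaSID:" { print $2 }' \
        | awk -F'-' 'NF == 8 && $NF + 0 > max { max = $NF + 0 } END { print max + 0 }'
}

# The allocation counter stored on the sambaDomain object (first one found).
ldap_next_rid() {
    awk '$1 == "sambaNextRid:" { print $2; exit }'
}

# Compare the counter with the RIDs already present and print one word:
#   missing - no sambaNextRid attribute in the dump
#   behind  - counter is below the highest RID in use; new accounts will
#             collide with existing ones, as in the thread
#   equal   - counter equals the highest RID in use; whether the next
#             allocation collides depends on whether Samba stores the last
#             allocated or the next free RID here, which is not verified in
#             this example
#   ahead   - counter is above every RID in use
rid_counter_state() {
    ldif=$(cat)
    next=$(printf '%s\n' "$ldif" | ldap_next_rid)
    high=$(printf '%s\n' "$ldif" | highest_rid)
    if [ -z "$next" ]; then
        echo missing
    elif [ "$next" -lt "$high" ]; then
        echo behind
    elif [ "$next" -eq "$high" ]; then
        echo equal
    else
        echo ahead
    fi
}

# Stand-alone report over the constructed sample; replace SAMPLE_LDIF with the
# output of a real ldapsearch to check a live directory.
dups=$(printf '%s' "$SAMPLE_LDIF" | duplicate_sids)
if [ -n "$dups" ]; then
    echo "account SIDs used by more than one entry:"
    echo "$dups"
fi
echo "highest RID in use: $(printf '%s' "$SAMPLE_LDIF" | highest_rid)"
echo "sambaNextRid:       $(printf '%s' "$SAMPLE_LDIF" | ldap_next_rid)"
echo "counter state:      $(printf '%s' "$SAMPLE_LDIF" | rid_counter_state)"
```

Run against a real dump, "behind" together with a non-empty duplicate list is the situation from the first post: the counter on the domain object was not carried over with the migrated accounts, so each `net rpc user add` or `net dom join` hands out a RID that a migrated entry already holds. If the counter is what `net` advances on every add, the loop in the last post works by bumping it once per iteration, and the difference between the highest RID in use and the counter tells you roughly how many iterations are needed; fixing the counter directly in LDAP is the alternative, but that is an assumption about Samba's allocator, not something this thread confirms.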
