-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
t...@tms3.com wrote: > SNIP >>> SID for domain SL1 is: S-1-5-21-1557386430-3227286864-500253393 >>> SID for domain CHEMBMB is: S-1-5-21-4167008922-1292391803-4044586981 >>> >>> 7) Users have both user and group SIDs in the form >>> "S-1-5-21-4167008922-1292391803-4044586981-[unique number]", which is >>> generated according to the rules the smbldap tools use. > > You have two different domains. And the users are in CHEMBMB and the > server is a member of SL1. Why not join SL1 to CHEMBMB? How do I get the server to join CHEMBMB? I spent about two hours trying to get the two SIDs to be the same, with no success. I assumed that was part of the issue, but I finally gave up on making it work. I assume I'd use "net setlocalsid", which shows the following: r...@sl1:~# net getdomainsid SID for domain SL1 is: S-1-5-21-1557386430-3227286864-500253393 SID for domain CHEMBMB is: S-1-5-21-4167008922-1292391803-4044586981 r...@sl1:~# net setlocalsid S-1-5-21-4167008922-1292391803-4044586981 r...@schnelllab1:~# net getdomainsid SID for domain SL1 is: S-1-5-21-1557386430-3227286864-500253393 SID for domain CHEMBMB is: S-1-5-21-4167008922-1292391803-4044586981 If there's something else I should be doing, I'd love to know what it is! - -Alex >>> >>> >>> 8) testparm on sl1 returns the following: >>> >>> Load smb config files from /etc/samba/smb.conf >>> Processing section "[homes]" >>> Processing section "[itadmins]" >>> Loaded services file OK. >>> Server role: ROLE_STANDALONE >>> Press enter to see a dump of your service definitions >>> >>> [global] >>> workgroup = CHEMBMB >>> server string = %h server (Samba, Ubuntu) >>> map to guest = Bad User >>> obey pam restrictions = Yes >>> passdb backend = ldapsam:ldaps://multivac.chem.umass.edu >>> pam password change = Yes >>> passwd program = /usr/bin/passwd %u >>> passwd chat = *Enter\snew\s*\spassword:* %n\n >>> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . >>> unix password sync = Yes >>> syslog = 255 >>> log file = /var/log/samba/log.%m >>> max log size = 1000 >>> dns proxy = No >>> ldap admin dn = cn=admin,dc=cns >>> ldap group suffix = ou=Chemistry groups >>> ldap suffix = ou=Chemistry,dc=cns >>> ldap ssl = no >>> ldap user suffix = ou=Chemistry users >>> usershare allow guests = Yes >>> panic action = /usr/share/samba/panic-action %d >>> invalid users = root >>> >>> [homes] >>> comment = Home Directories >>> read only = No >>> browseable = No >>> >>> [itadmins] >>> comment = Shared directory for the IT group >>> path = /home/itadmins >>> valid users = spalmer, amckenzie >>> read only = No >>> create mask = 0665 >>> directory mask = 0775 >>> >>> >>> >>> Any advice would be appreciated -- I'm well beyond my understanding of >>> samba at the moment, and my understanding of samba is well beyond what >>> it was 48 hours ago. At the moment neither server is mission critical, >>> so tests that take them temporarily off-line are possible. By early >>> next week things will be authenticating against the LDAP server (we've >>> got no choice -- the old LDAP server is failing fast), so I won't be >>> able to take it down for testing. >>> >>> Thanks in advance, >>> Alex McKenzie >>> a...@chem.umass.edu >>> >>> >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1.4.8 (Darwin) >> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ >> >> iEUEARECAAYFAkvxjXAACgkQWFYfIucpZ2OA2QCY5Ah0KkHwr2QGuCF/jCGf/dDr >> zwCfbXwvHr50j7vZZTuSJxLels7Izv8= >> =58HV >> -----END PGP SIGNATURE----- >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkvyk6wACgkQWFYfIucpZ2NCiQCfWaicXsuhA6P01Pbw9xeanUql dqEAn2Z31M+dqjlIKG5uciscBsTB9Rl0 =LAsj -----END PGP SIGNATURE----- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba