I am using LDAP as my backend. I have 6 PDC's running Samba 3.0.21b,
each domain has a different SID. I store all user,groups,and machine
accounts in one LDAP database. So that when I create a user once, all
domains can see the user. This keeps me from having to create a user
account on each domain for cross domain file sharing.
The behavior for Domains running Samba 3.0.21b is a follows.
DOMAIN1 has a SID of S-1-5-21-1629861336-2395076261-3235541152
DOMAIN2 has a SID of S-1-5-21-2781067772-1786132867-2942848841
In DOMAIN1 I type:
pdbedit -v -u mikec
I get:
Unix username: mikec
NT username: mikec
Account Flags: [U ]
User SID: S-1-5-21-1629861336-2395076261-3235541152-3001
Primary Group SID: *S-1-5-21-1629861336-2395076261-3235541152-513*
In DOMAIN2 I type:
pdbedit -v -u mikec
I get
Unix username: mikec
NT username: mikec
Account Flags: [U ]
User SID: S-1-5-21-1629861336-2395076261-3235541152-3001
Primary Group SID: *S-1-5-21-1629861336-2395076261-3235541152-513*
Which is correct.
I have setup a new PDC for DOMAIN2 using 3.0.23c
Now in DOMAIN2 when I type:
pdbedit -v -u mikec
I get:
NT username: mikec
Account Flags: [U ]
User SID: S-1-5-21-1629861336-2395076261-3235541152-3001
Primary Group SID: *S-1-5-21-2781067772-1786132867-2942848841-513*
When try to conect to a Samba Server in DOMAIN2 from DOMAIN1 I get the
error message
_net_sam_logon: user DOMAIN2\mikec has user sid
S-1-5-21-1629861336-2395076261-3235541152-3001
but group sid S-1-5-21-2781067772-1786132867-2942848841-513.
The conflicting domain portions are not supported for NETLOGON calls
The behavior in 3.0.23c has changed from 3.0.21b
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba