Le lundi 05 février 2007 à 09:45 +0100, emmanuel musso a écrit : > Hello > > When a windows xp workstation join a domain, by windows gui parameters, ldap > machine attributes are not filled correctly: > > - No attribute sambaprimarygroupsid (before, there was one terminated by 515)
AFAIK, the gid number of a computer/user account entry is now used to determine its primary group SID (if sambaPrimaryGroupSID is not set). > - rid (of sambasid) is not equal a 2*uid+1000 > > If i create a user, rid (sambasid) equal a 2*uid + 1000 (and > sambaprimarygrousid > terminated by 513) > > All the others samba attributes are ok > Same problem if i use "smbldap-useradd -w" before joining the domain; Posix > attributes are created by "smbldap-useradd -w", and samba attributes are > created the first time workstation join the domain, allways with bad sambasid > and without sambaprimarygroupsid. > > Same problem if i use "net join" on a linux smbclient with winbind > > In all cases, my workstation is connected to the domain, and user can use it. > > I didn't change my config, i didn't modify idealx tools. I think the problem > exits since 3.0.23c-1 update in month september. I know my computers who > joined > the domain before samba 3.0.23c-1 update (debian apt-get) are ok, with > sambaprimarygroupsid present, and valid sambasid > (rid = 2* uid + 1000). > I have 2 Domain with the same problem I have one domain that also showed this behaviour (samba 3.0.23d), and another that works « like before ». Looks like that SAMBA was using the sambaNextRid field from the sambaDomainName entry to build the SAMBA SID of the computer accounts, but I don't know why. Regards, -- Cedric Delfosse Linbox / Free&ALter Soft 152, rue de Grigy - Technopole Metz 57070 METZ - FRANCE tel: +33 (0)3 87 50 87 90 http://linbox.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba