On Wednesday 30 May 2007 09:37:44 Gerald (Jerry) Carter wrote:
> Did you make sure to keep the domain SID setting from the
> original Samba PDC?

We did indeed forget to do that. However we have now already set it to the old 
domain SID (using net rpc getsid at the old server) and we still can't 
authenticate the users. We have tried to delete the old machine account from 
our server in order to try to rejoin it, but now we can't. Here is what 
happens at the server:

# net join -U root
root's password:
[2007/05/30 14:58:44, 0] utils/net_ads.c:ads_startup(191)
  ads_connect: No results returned
Creation of workstation account failed
Unable to join domain PRODESAN.COM.BR.


And here are the logs for that machine on the PDC:

[2007/05/30 14:58:55, 2] lib/smbldap.c:smbldap_open_connection(788)
  smbldap_open_connection: connection opened
[2007/05/30 14:58:55, 2] passdb/pdb_ldap.c:init_sam_from_ldap(541)
  init_sam_from_ldap: Entry found for user: root
[2007/05/30 14:58:55, 2] passdb/pdb_ldap.c:init_group_from_ldap(2140)
  init_group_from_ldap: Entry found for group: 513
[2007/05/30 14:58:55, 2] auth/auth.c:check_ntlm_password(309)
  check_ntlm_password:  authentication for user [root] -> [root] -> [root] succeeded
[2007/05/30 14:58:55, 2] passdb/pdb_ldap.c:init_sam_from_ldap(541)
  init_sam_from_ldap: Entry found for user: root
[2007/05/30 14:58:55, 2] smbd/reply.c:reply_tcon_and_X(711)
  Serving IPC$ as a Dfs root


There don't seem to be any visible errors, so I went to check the LDAP logs 
and I only thought this looked a bit strange:

May 30 15:02:42 servsso slapd[22129]: conn=79 op=6 SRCH base="ou=grupos,dc=prodesan,dc=com,dc=br" scope=2 deref=0 filter="(&(|(objectClass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=s-1-5-21-3756370324-611414431-635963119-501)(sambaSIDList=s-1-1-0)(sambaSIDList=s-1-5-2)(sambaSIDList=s-1-5-32-546)))"
May 30 15:02:42 servsso slapd[22129]: conn=79 op=6 SRCH attr=sambaSID
May 30 15:02:42 servsso slapd[22129]: <= bdb_equality_candidates: (sambaGroupType) index_param failed (18)
May 30 15:02:42 servsso slapd[22129]: <= bdb_equality_candidates: (sambaSIDList) index_param failed (18)
May 30 15:02:42 servsso last message repeated 3 times
May 30 15:02:42 servsso slapd[22129]: conn=79 op=6 SEARCH RESULT tag=101 err=0 nentries=0 text=
May 30 15:02:42 servsso slapd[22129]: conn=79 op=7 SRCH base="ou=grupos,dc=prodesan,dc=com,dc=br" scope=2 deref=0 filter="(&(|(objectClass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=s-1-5-21-3756370324-611414431-635963119-501)(sambaSIDList=s-1-1-0)(sambaSIDList=s-1-5-2)(sambaSIDList=s-1-5-32-546)))"
May 30 15:02:42 servsso slapd[22129]: conn=79 op=7 SRCH attr=sambaSID
May 30 15:02:42 servsso slapd[22129]: <= bdb_equality_candidates: (sambaGroupType) index_param failed (18)
May 30 15:02:42 servsso slapd[22129]: <= bdb_equality_candidates: (sambaSIDList) index_param failed (18)
May 30 15:02:42 servsso last message repeated 3 times


When I check the LDAP I can see that the 
entry "uid=servproducao$,ou=computadores,dc=prodesan,dc=com,dc=br" was 
created but it doesn't have the sambaSamAccount objectclass attribute, and 
therefore no samba attributes set.

Simply importing the old account from the old PDC doesn't seem to work, as I 
get an access denied error when the server tries to connect to LDAP.

-- 
Diego Alencar Alves de Lima
Departamento de Informática - DINF
www.prodesan.com.br
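
As an added example that is not part of the original message: the `index_param failed (18)` lines in the slapd log above are what the bdb backend logs when a filter attribute has no equality index configured. This Python script tallies them, counting syslog's "last message repeated" lines, and records each search's result code; the sample log is constructed, and `triage` and `index_directives` are hypothetical helper names.

```python
import re
from collections import Counter

# Constructed sample in the format of the slapd log above (host, base DN and SID are made up).
SAMPLE_LOG = """\
May 30 15:02:42 host slapd[100]: conn=79 op=6 SRCH base="ou=groups,dc=example,dc=com" scope=2 deref=0 filter="(&(|(objectClass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=s-1-5-21-1-2-3-501)(sambaSIDList=s-1-1-0)(sambaSIDList=s-1-5-2)(sambaSIDList=s-1-5-32-546)))"
May 30 15:02:42 host slapd[100]: conn=79 op=6 SRCH attr=sambaSID
May 30 15:02:42 host slapd[100]: <= bdb_equality_candidates: (sambaGroupType) index_param failed (18)
May 30 15:02:42 host slapd[100]: <= bdb_equality_candidates: (sambaSIDList) index_param failed (18)
May 30 15:02:42 host last message repeated 3 times
May 30 15:02:42 host slapd[100]: conn=79 op=6 SEARCH RESULT tag=101 err=0 nentries=0 text=
"""

NO_INDEX = re.compile(r"bdb_equality_candidates: \((\w+)\) index_param failed \(18\)")
REPEAT = re.compile(r"last message repeated (\d+) times")
RESULT = re.compile(r"conn=(\d+) op=(\d+) SEARCH RESULT tag=\d+ err=(\d+) nentries=(\d+)")


def triage(log_text):
    """Return (unindexed-attribute hit counts, {(conn, op): (err, nentries)})."""
    unindexed, results, last_attr = Counter(), {}, None
    for line in log_text.splitlines():
        if m := NO_INDEX.search(line):
            last_attr = m.group(1)
            unindexed[last_attr] += 1
        elif (m := REPEAT.search(line)) and last_attr:
            # syslog collapsed identical lines; credit them to the previous message
            unindexed[last_attr] += int(m.group(1))
        else:
            last_attr = None
            if m := RESULT.search(line):
                conn, op, err, n = map(int, m.groups())
                results[(conn, op)] = (err, n)
    return unindexed, results


def index_directives(unindexed):
    """slapd.conf lines that would add the missing equality indexes."""
    return [f"index {attr} eq" for attr in sorted(unindexed)]


if __name__ == "__main__":
    unindexed, results = triage(SAMPLE_LOG)
    for attr, hits in unindexed.most_common():
        print(f"{attr}: {hits} unindexed equality lookups")
    for (conn, op), (err, n) in results.items():
        print(f"conn={conn} op={op}: err={err} nentries={n}")
    print("\n".join(index_directives(unindexed)))
```

Existing entries are only covered by a newly added index after `slapindex` has been run.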
