Hi Julian, It is not acting as a domain controller, I would like to use the ldap backend of the pdc to authenticate instead of having to setup separate passwords. I have not reset passwords, its a duplicate database of the pdc.
net getlocalsid SID for domain ITSHARE is: S-1-5-21-1243312448-3956249592-3341015638 Kind Regards Brad On Fri, Mar 13, 2009 at 12:39 PM, <j...@bordengrammar.kent.sch.uk> wrote: > Hiya, > > A few questions. > > Is the machine a PDC > > what's the output of the command "net getlocalsid" in a terminal > > What scripts are you using to change passwords? smbldaptools? > > Cheers, > > Julian > > > > Hello > > > > I'm hoping someone can provide some insight, sample snippet from smb.conf > > and the samba log. > > Password authentication is working & succeeding, complains about an > > invalid > > SID which I know is the trust relationship that is formed between server > > and > > client, this is a duplicate ldap database from a samba domain controller. > > > > On the topic, anyone have a good book to recommend on Samba, I feel I am > > only using 10% of its capability and not really well at that... something > > is > > staring me in the face and Im missing it. > > > > [global] > > workgroup = companyx > > printing = cups > > hosts allow = 192.168.1. printcap name = cups > > printcap cache time = 750 > > cups options = raw > > map to guest = Bad User > > include = /etc/samba/dhcp.conf > > security = user > > encrypt passwords = Yes > > obey pam restrictions = No > > log level = 2 > > passdb backend = ldapsam:ldap://127.0.0.1/ > > ldap admin dn = cn=manager,dc=companyx,dc=co,dc=za > > ldap suffix = dc=companyx,dc=co,dc=za > > ldap group suffix = ou=Groups > > ldap user suffix = ou=Users > > ldap machine suffix = ou=Computers > > ldap idmap suffix = ou=Users > > ldap ssl = off > > ldap delete dn = Yes > > > > [testdir] > > comment = test1 > > path = "/data/test" > > browseable = yes > > writable = yes > > read only = no > > available = yes > > valid users = bradleyc > > admin users = bradleyc > > > > > > > > [2009/03/13 08:36:39, 2] > > lib/access.c:check_access(406) > > > > Allowed connection from __ffff_192.168.2.154 > > (::ffff:192.168.2.154) > > > > [2009/03/13 08:36:39, 2] > > lib/smbldap.c:smbldap_open_connection(796) > > > > smbldap_open_connection: connection > > opened > > > > [2009/03/13 08:36:39, 2] > > passdb/pdb_ldap.c:init_sam_from_ldap(571) > > > > init_sam_from_ldap: Entry found for user: > > bradleyc > > > > [2009/03/13 08:36:39, 2] > > passdb/pdb_ldap.c:init_group_from_ldap(2344) > > > > init_group_from_ldap: Entry found for group: > > 513 > > > > [2009/03/13 08:36:39, 2] > > passdb/pdb_ldap.c:init_group_from_ldap(2344) > > > > init_group_from_ldap: Entry found for group: > > 513 > > > > [2009/03/13 08:36:39, 2] > > passdb/pdb_ldap.c:init_group_from_ldap(2344) > > > > init_group_from_ldap: Entry found for group: > > 1010 > > > > [2009/03/13 08:36:39, 2] > > passdb/pdb_ldap.c:init_group_from_ldap(2344) > > > > init_group_from_ldap: Entry found for group: > > 512 > > > > [2009/03/13 08:36:39, 2] > > auth/auth.c:check_ntlm_password(308) > > > > check_ntlm_password: authentication for user [bradleyc] -> [bradleyc] > > -> > > [bradleyc] succeeded > > [2009/03/13 08:36:39, 2] > > passdb/pdb_ldap.c:init_group_from_ldap(2344) > > > > init_group_from_ldap: Entry found for group: > > 544 > > > > [2009/03/13 08:36:39, 2] > > lib/access.c:check_access(406) > > > > Allowed connection from ::ffff:192.168.2.154 > > (::ffff:192.168.2.154) > > > > [2009/03/13 08:36:39, 2] > > passdb/pdb_ldap.c:init_sam_from_ldap(571) > > > > init_sam_from_ldap: Entry found for user: > > bradleyc > > > > [2009/03/13 08:36:39, 2] > > passdb/pdb_ldap.c:init_group_from_ldap(2344) > > > > init_group_from_ldap: Entry found for group: > > 513 > > > > [2009/03/13 08:36:39, 0] > > passdb/passdb.c:lookup_global_sam_name(595) > > > > User bradleyc with invalid SID > > S-1-5-21-1571991244-1820204139-1100571284-3420 in > > passdb > > [2009/03/13 08:36:39, 2] > > smbd/service.c:make_connection_snum(736) > > > > user 'bradleyc' (from session setup) not permitted to access this share > > (testdir) > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > > > > > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba