Web lists-archives.com

Re: [Samba] Samba v3 works with LDAP, but not Samba v4

On Tue, 16 Oct 2018 20:49:06 -0700
Emil Henry <hbcsc153@xxxxxxxxx> wrote:

> Hi Andrew!
> Really appreciate the clarification and help. Understood about the
> password. I have attached the log. with the "correct"
> password being used. I do see entries in that log for the Primary
> Group of 0. Not sure where I would need to make the change. Any
> guidance would be really appreciated. Have been fighting this for the
> last 3 weeks. :-(

Hi Andrew, if it walks like a duck and quacks like a duck, it very
probably is a duck ;-)

Even though testparm says it is a 'standalone server', it seems to be
acting like a PDC:

[2018/10/16 20:13:57.961606,  5] ../source3/lib/username.c:159(Get_Pwnam_internals)
  Get_Pwnam_internals did find user [johndoe]!
[2018/10/16 20:13:57.961629,  1] ../source3/auth/server_info.c:415(SamInfo3_handle_sids)
  The primary group domain sid(S-1-5-21-923346016-1987626460-2483480028-513) does not match the domain sid(S-1-5-21-3818469484-4016774546-4239961019) for johndoe(S-1-5-21-3818469484-4016774546-4239961019-108752)
[2018/10/16 20:13:57.961672,  4] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2018/10/16 20:13:57.961694,  0] ../source3/auth/check_samsec.c:493(check_sam_security)
  check_sam_security: make_server_info_sam() failed with 'NT_STATUS_INVALID_SID'
[2018/10/16 20:13:57.961867,  5] ../source3/auth/auth.c:251(auth_check_ntlm_password)
  auth_check_ntlm_password: sam_ignoredomain authentication for user [johndoe] FAILED with error NT_STATUS_INVALID_SID, authoritative=1
[2018/10/16 20:13:57.961890,  2] ../source3/auth/auth.c:332(auth_check_ntlm_password)
  check_ntlm_password:  Authentication for user [johndoe] -> [johndoe]
  FAILED with error NT_STATUS_INVALID_SID, authoritative=1

The user 'johndoe' seems to be rejected because it has the wrong SID.

Are the other machines in a Domain or workgroup ?


To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba