Cesar Amaya wrote:
> Hello list,
> I have two Samba-LDAP DC's each in different networks, domain
> AMECC_SAL (192.168.40.0/24) and domain AMECC_GUA (192.168.42./24). I
> have established a inter-domain trust relationship in both directions.
> My problem comes when I try to log into a machine in the AMECC_SAL
> domain using any user from the AMECC_GUA domain. The machine´s name in
> which I want to sign in is cc03.
>
> The log for the machine account says:
> # tail -f cc03.log
> [2008/03/31 16:55:17, 2] passdb/pdb_ldap.c:init_group_from_ldap(2158)
> init_group_from_ldap: Entry found for group: 515
> [2008/03/31 16:55:35, 2] auth/auth.c:check_ntlm_password(309)
> check_ntlm_password: authentication for user [ricky] -> [ricky] ->
> [ricky] succeeded
> [2008/03/31 16:55:35, 1]
> rpc_server/srv_netlog_nt.c:_net_sam_logon_internal(1004)
> _net_sam_logon: user AMECC_GUA\ricky has user sid
> S-1-5-21-2494724867-3922152549-500773586-3022
> but group sid S-1-5-21-3360583363-2600074294-2199971840-513.
> The conflicting domain portions are not supported for NETLOGON calls
>
> Part of the pdbedit -L -v says:
> Unix username: ricky
> NT username: ricky
> Account Flags: [U ]
> User SID: S-1-5-21-2494724867-3922152549-500773586-3022
> init_group_from_ldap: Entry found for group: 513
> init_group_from_ldap: Entry found for group: 513
> Primary Group SID: S-1-5-21-2494724867-3922152549-500773586-513
>
> from this output we can tell that Primary Group SID is different from
> that group sid of cc03.log file:
> S-1-5-21-3360583363-2600074294-2199971840-513.
> I am using the following software: FreeBSD 7.0 Release,
> samba-3.0.28,1, openldap-2.3.41 and smbldap-tools-0.9.4_2.
>
> Please can any one give some help???
> Thank you very much.
>
>
>
>

I think this error is because the service nns_ldap is not runing. I got
this error nss_ldap: could not search LDAP server - Server is unavailable
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba