I have a server running openldap and samba, acting like a windows domain controller. I have had no problems with adding windows 7 computers and users until today. One user could not login and this was the error.
A device attached to the system is not functioning.
Looking in the samba log file, I found this:
[2011/12/13 10:46:26.074452, 1] rpc_server/srv_pipe_hnd.c:1602(serverinfo_to_SamInfo_base) _netr_LogonSamLogon: user DOMAIN/user has user sid S-1-5-21-1368477355-3167354948-3261350252-4220 but group sid S-1-5-21-3639540563-330460068-1655887120-513. The conflicting domain portions are not supported for NETLOGON calls
Turns out that I had some users who had the wrong sambaSID and sambaPrimaryGroupSID in their ldap account. After fixing this, the user was able to login without any problems.
Apparently, our WinXP with pGina setup doesn’t look at the SID because these users were not having any problems logging into the XP computers. It was only when moving to Windows7 that the error showed.