[Samba] Samba Groups Vanished

Diarmuid Bourke dbourke at cp.dias.ie
Thu Aug 31 10:05:26 GMT 2006 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> On 08/28/2006 09:49 AM, Diarmuid Bourke escreveu:
> > Hi,
> > Our Samba Groups appear to have vanished.
> >
> > I've verified this by trying, "net group /domain" in windows and it
> > returns no results. Trying "net rpc group -S nuada" on our master server
> > returns nothing either.
> > "net rpc info" on both our master and backup return
> >
> > Domain Name: DIAS
> > Domain SID: S-1-5-21-463069746-3761697030-3888642000
> > Sequence number: 1156762378
> > Num users: 63
> > Num domain groups: 0
> > Num local groups: 0

>	Try improve the debuglevel (-d) when using net, it could
> reveal some nice information to help you out (and also help the
> rest of us to help you).  :-)

Heres the output of "net rpc group list -d3 -S nuada"
using debug
- ------------------------------
[2006/08/31 10:26:57, 3] param/loadparm.c:lp_load(4207)
  lp_load: refreshing parameters
[2006/08/31 10:26:57, 3] param/loadparm.c:init_globals(1393)
  Initialising global parameters
[2006/08/31 10:26:57, 3] param/params.c:pm_process(574)
  params.c:pm_process() - Processing configuration file
"/etc/samba/smb.conf"
[2006/08/31 10:26:57, 3] param/loadparm.c:do_section(3662)
  Processing section "[global]"
[2006/08/31 10:26:57, 2] lib/interface.c:add_interface(81)
  added interface ip=160.6.1.26 bcast=160.6.1.255 nmask=255.255.255.0
[2006/08/31 10:26:57, 3] libsmb/namequery.c:resolve_lmhosts(855)
  resolve_lmhosts: Attempting lmhosts lookup for name nuada<0x20>
[2006/08/31 10:26:57, 3] libsmb/namequery.c:resolve_wins(752)
  resolve_wins: Attempting wins lookup for name nuada<0x20>
[2006/08/31 10:26:57, 3] libsmb/namequery.c:resolve_wins(755)
  resolve_wins: WINS server resolution selected and no WINS servers listed.
[2006/08/31 10:26:57, 3] libsmb/namequery.c:resolve_hosts(917)
  resolve_hosts: Attempting host lookup for name nuada<0x20>
Password:
[2006/08/31 10:27:02, 3] libsmb/cliconnect.c:cli_start_connection(1389)
  Connecting to host=nuada
[2006/08/31 10:27:02, 3] lib/util_sock.c:open_socket_out(870)
  Connecting to 160.6.1.102 at port 445
[2006/08/31 10:27:02, 3] libsmb/cliconnect.c:cli_session_setup_spnego(710)
  Doing spnego session setup (blob length=58)
[2006/08/31 10:27:02, 3] libsmb/cliconnect.c:cli_session_setup_spnego(735)
  got OID=1 3 6 1 4 1 311 2 2 10
[2006/08/31 10:27:02, 3] libsmb/cliconnect.c:cli_session_setup_spnego(744)
  got principal=NONE
[2006/08/31 10:27:02, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(929)
  Got challenge flags:
[2006/08/31 10:27:02, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
  Got NTLMSSP neg_flags=0x60890215
[2006/08/31 10:27:02, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(951)
  NTLMSSP: Set final flags:
[2006/08/31 10:27:02, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
  Got NTLMSSP neg_flags=0x60080215
[2006/08/31 10:27:02, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338)
  NTLMSSP Sign/Seal - Initialising with flags:
[2006/08/31 10:27:02, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
  Got NTLMSSP neg_flags=0x60080215
[2006/08/31 10:27:03, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
  rpc_pipe_bind: Remote machine nuada pipe \lsarpc fnum 0x7624 bind
request returned ok.
[2006/08/31 10:27:03, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
  rpc_pipe_bind: Remote machine nuada pipe \samr fnum 0x7625 bind
request returned ok.
[2006/08/31 10:27:03, 2] utils/net.c:main(878)
  return code = 0
- -----------------------

and for "net rpc info -d3 -S nuada"
- -----------------------------
[2006/08/31 10:28:27, 3] param/loadparm.c:lp_load(4207)
  lp_load: refreshing parameters
[2006/08/31 10:28:27, 3] param/loadparm.c:init_globals(1393)
  Initialising global parameters
[2006/08/31 10:28:27, 3] param/params.c:pm_process(574)
  params.c:pm_process() - Processing configuration file
"/etc/samba/smb.conf"
[2006/08/31 10:28:27, 3] param/loadparm.c:do_section(3662)
  Processing section "[global]"
[2006/08/31 10:28:27, 2] lib/interface.c:add_interface(81)
  added interface ip=160.6.1.26 bcast=160.6.1.255 nmask=255.255.255.0
[2006/08/31 10:28:27, 3] libsmb/namequery.c:resolve_lmhosts(855)
  resolve_lmhosts: Attempting lmhosts lookup for name nuada<0x20>
[2006/08/31 10:28:27, 3] libsmb/namequery.c:resolve_wins(752)
  resolve_wins: Attempting wins lookup for name nuada<0x20>
[2006/08/31 10:28:27, 3] libsmb/namequery.c:resolve_wins(755)
  resolve_wins: WINS server resolution selected and no WINS servers listed.
[2006/08/31 10:28:27, 3] libsmb/namequery.c:resolve_hosts(917)
  resolve_hosts: Attempting host lookup for name nuada<0x20>
[2006/08/31 10:28:27, 3] libsmb/cliconnect.c:cli_start_connection(1389)
  Connecting to host=nuada
[2006/08/31 10:28:27, 3] lib/util_sock.c:open_socket_out(870)
  Connecting to 160.6.1.102 at port 445
[2006/08/31 10:28:28, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
  rpc_pipe_bind: Remote machine nuada pipe \lsarpc fnum 0x76f4 bind
request returned ok.
[2006/08/31 10:28:28, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
  rpc_pipe_bind: Remote machine nuada pipe \samr fnum 0x76f5 bind
request returned ok.
Domain Name: DIAS
Domain SID: S-1-5-21-463069746-3761697030-3888642000
Sequence number: 1157016508
Num users: 63
Num domain groups: 0
Num local groups: 0
[2006/08/31 10:28:28, 2] utils/net.c:main(878)
  return code = 0
- -------------------------------

> > Groups used work until recently and they exist in our ldap database. We
> > have a primary domain controller with the master ldap database on it and
> > a backup domain controller with a slave ldap database on it. Our version
> > of samba is Version 3.0.23 and openldap is 2.3.24

> 	Any special event between it working and non-working
> status? Maybe a power failure, disk failure, system upgrade,
> LDAP changes, anything...

There was a recompile of OpenLDAP (with the same compile switches as
previous) and the associated applications (nss_ldap, lookupd).


> > and below are the relevant sections of smb.conf from our PDC
[...]

> > Trying an ldapsearch to show groups exist in ldap returns..
> >
> > ldapsearch -x -b cn=geotech,ou=group,dc=cp,dc=dias,dc=ie
> >
*snip*

>	So, as I understood, the group *is* there.  :-)
Yes but samba isn't seeing them.. :-(

>	Could you try to check 'net groupmap' man page
> section, it perhaps could give you more info (do not forget
> about the debuglevel).

Here is "net groupmap list -S nuada -d3"
- ----------------------
[2006/08/31 11:01:54, 3] param/loadparm.c:lp_load(4207)
  lp_load: refreshing parameters
[2006/08/31 11:01:54, 3] param/loadparm.c:init_globals(1393)
  Initialising global parameters
[2006/08/31 11:01:54, 3] param/params.c:pm_process(574)
  params.c:pm_process() - Processing configuration file
"/etc/samba/smb.conf"
[2006/08/31 11:01:54, 3] param/loadparm.c:do_section(3662)
  Processing section "[global]"
[2006/08/31 11:01:54, 2] lib/interface.c:add_interface(81)
  added interface ip=160.6.1.26 bcast=160.6.1.255 nmask=255.255.255.0
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Admins (S-1-5-21-1935741066-3473949400-2852468943-512) -> -1
Domain Guests (S-1-5-21-1935741066-3473949400-2852468943-514) -> -1
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Account Operators (S-1-5-32-548) -> -1
Domain Users (S-1-5-21-1935741066-3473949400-2852468943-513) -> -1
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1
[2006/08/31 11:01:54, 2] utils/net.c:main(878)
  return code = 0
- --------------------------

*snip*

>	Hope this helps.

>	Kind regards,

*snip*

Thanks again,
Diarmuid.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE9rRm3VcUOgGPPMMRAlY+AJ9gIqSG13b7OyD7Sowoia6KdlmWWQCgzYgn
AXDv25R64ACy3hdeoUuWr6g=
=lfeT
-----END PGP SIGNATURE-----

More information about the samba mailing list