[Samba] User Manager for Domains -- Groups not showing

Ray Klassen rayklassen at gmail.com
Mon Feb 2 23:37:31 GMT 2009 

well that is the weirdest thing

Just like the samba ldap request, it returns nothing

although if I look at the record using

ldapsearch -x -b ou=Groups,dc=thisdomain,dc=com '(&(cn=groupname*))

...the sambaSID attribute is there just like it should be, with the
right number and everything.

Would a slapindex be in order? or what'


On Mon, Feb 2, 2009 at 10:17 AM, Volker Lendecke
<Volker.Lendecke at sernet.de> wrote:
> On Mon, Feb 02, 2009 at 09:16:06AM -0800, Ray Klassen wrote:
>> One sanitized debug lo coming up. This is not using user manager for
>> domains. This is with net rpc group list.
>>
>>
>> > What you need to do is provide a debug level 10 log of smbd
>> > trying to enumerate groups.
>> >
>> > Volker
>> >
>>
>>   smbldap_search_paged: base => [ou=Groups,dc=thisdomain,dc=com],
>> filter => [(&(objectclass=sambaGroupMapping)(sambaGroupType=2)(sambaSID=S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX*))],scope
>> => [2], pagesize => [1024]
>> [2009/02/02 08:41:20, 5] lib/smbldap.c:smbldap_search_ext(1182)
>>   smbldap_search_ext: base => [ou=Groups,dc=thisdomain,dc=com], filter
>> => [(&(objectclass=sambaGroupMapping)(sambaGroupType=2)(sambaSID=S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX*))],
>> scope => [2]
>> [2009/02/02 08:41:20, 3] lib/smbldap.c:smbldap_search_paged(1333)
>>   smbldap_search_paged: search was successfull
>> [2009/02/02 08:41:20, 10] rpc_server/srv_samr_nt.c:_samr_query_dispinfo(1289)
>>   samr_reply_query_dispinfo: starting group enumeration at index 0
>> [2009/02/02 08:41:20, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
>>   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
>> [2009/02/02 08:41:20, 5] rpc_parse/parse_samr.c:init_sam_dispinfo_3(1810)
>>   init_sam_dispinfo_3: num_entries: 0
>
> To me this looks as if you don't have any groups in your
> LDAP tree under ou=Groups,dc=thisdomain,dc=com. You should
> be able to do the exact same search with ldapsearch:
>
> ldapsearx -x -b ou=Groups,dc=thisdomain,dc=com '(&(objectclass=sambaGroupMapping)(sambaGroupType=2)(sambaSID=S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX*))'
>
> and see what comes back.
>
> Volker
>

More information about the samba mailing list