[Samba] Samba File Server as Domain Member of Samba PDC

Juan Asensio Sánchez okelet at gmail.com
Fri Jan 28 07:49:51 MST 2011


OK, thanks both for your answers. I am not using Winbind, because (I
think) Winbind does the same as configuring the ldap client on the
server, as I can see with "getent passwd" and "getent group" all
objects in LDAP.

> Do you use winbind? If not, you should create a local admin user:

Why can't I use a domain account that is a member of the administrators group?

Anyway, I added a local root account as you said. When I type:


[root@sambafs1 ~]# net rpc rights grant "XXXXX.YYYYY\Administradores" SeAddUsersPrivilege -U "sambafs1\root"
Enter sambafs1\root's password:
Successfully granted rights.

[root@sambafs1 ~]# net rpc rights list privileges SeAddUsersPrivilege -U "sambafs1\root"
Enter sambafs1\root's password:
SeAddUsersPrivilege:
  BUILTIN\Administrators
  Unix Group\Administradores

I got "Unix Group\Administradores"; shouldn't it be
"XXXXX.YYYYY\Administradores"?

Regards.


On 28 January 2011 14:19, TAKAHASHI Motonobu <monyo at monyo.com> wrote:
> 2011/1/28 Juan Asensio Sánchez <okelet at gmail.com>:
>> We have configured 2 PDC Samba (v3.0.33, sambapdc1 and sambapdc2)
>> servers using LDAP (389 DS v1.2.5) as its database backend. If I run
>> "net rpc user -UXXXX" from these servers I get all groups in LDAP.
>> These servers have been working fine for a long time.
>>
>> Now I have configured a file server (not logon server, sambafs1), as a
>> member of the domain served by those servers (this with v3.3.8). I
>> have configured the LDAP client, so I can do "getent passwd" and
>> "getent group" and I see all objects from LDAP. Next, I have
>> configured Samba with this conf:
> (snip)
>> Next, I have joined the Samba FS in the domain, using the command "net
>> rpc join -UXXXXXX", without any errors. Now, if I run "net rpc group
>> -S sambafs1 -UXXXXX", I get no groups. Is this normal? As Samba can't
>> see any groups, I cannot assign privileges using "net rpc rights
>> grant", so users can manage shares from Windows using the add, change
>> and delete share commands.
>
> This is an expected behavior.
>
> "net rpc group -S sambafs1 -UXXXXX" returns local groups defined on
> sambafs1, not domain groups.
>
> Recently (3.0.24 and after) no groups are defined by default, so you
> should get no (local) groups.
>
>> I cannot assign privileges using "net rpc rights grant"
>
> Do you use winbind? If not, you should create a local admin user:
>
>  sambafs1# pdbedit -a root
>
> And try like:
>  sambafs1# net rpc rights grant  DOMAINNAME\\USERNAME SeAddUsersPrivilege -U sambafs1\\root
>
> ---
> TAKAHASHI Motonobu <monyo at samba.gr.jp>
>

