domain map group fail

Luke Kenneth Casson Leighton lkcl at samba.org
Thu Jan 20 16:20:31 GMT 2000


On Thu, 20 Jan 2000, Vladimir Stavrinov wrote:

> On  Thu, 20 Jan 2000 15:19:17 +1100   Luke Kenneth Casson Leighton  wrote:
> -------- 
> 
> > On Thu, 20 Jan 2000, Vladimir Stavrinov wrote:
> > 
> > > On  Thu, 20 Jan 2000 14:17:06 +1100   Luke Kenneth Casson Leighton  wrote:
> > > -------- 
> > > 
> > > > hi vladimir,
> > > > 
> > > > the /etc/domaingroup.map file etc, it's world readable, right?  this is
> > > 
> > > Yes, I am aware of this. This configuration has not changed at all for a
> > > year or more, and I had no problems until I started the TNG.
> > 
> > argh.  ok, can you try [latest cvs] again, and use rpcclient -S
> > yoursambaserver -U% -l log and do the following commands:
> > 
> > lsaquery
> > enumusers
> > enumgroups
> > enumaliases
> > 
> > then, pick an alias and a group that you _know_ is in the map files, and
> > do:
> > 
> > lookupnames "the alias name" "the group name" "maybe even a username"
> > 
> > you should get some SIDs back.  strip off all but the last RID, and do:
> > 
> > lookupsids the-alias-rid the-group-rid maybe-even-the-username-rid
> > 
> > you _should_ get the same alias, group and user names back, and it
> > _should_ identify them correctly by type as well (thanks to elrond for
> > that type patch!)
> 
> adm="Domain Admins"
> root=admin
> 
> See output below from rpcclient:
> 
> [root@lasp source]# rpcclient -S lasp -U root -l /tmp/log
> Enter Password:
> 
> [root@LASP]$ lsaquery
> lsaquery
> LSA Query Info Policy
> Domain Member     - Domain: L.A.S.P SID: S-1-5-21-3528327861-1831579209-895851024
> Domain Controller - Domain: LASP SID: S-1-5-21-3528327861-1831579209-895851024

ok, straight away, there is a problem, here.  if your server is a PDC, you
should have Domain: L.A.S.P and Domain: L.A.S.P here.

i checked your [slightly difficult to read] smb.conf file again, and you
are missing "security = user" from it.  i don't know what the default is,
but this may be part of the problem.

the default may be "security = share" which will certainly _not_ make you
a PDC.

the other issue may be that you are using a NetBIOS name with "."s in it.
try changing this to one that hasn't (e.g. LASPDOMAIN).

try these tests again with these changes.

thx!
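
The three checks made in this reply (domain names that differ between the two lsaquery lines, no explicit "security = user", a dotted domain or NetBIOS name), as an added example that is not part of the original message or of Samba. The smb.conf fragment is constructed, and looking for the dotted name in `workgroup` and `netbios name` is an assumption.

```python
import re

# The lsaquery output quoted in the message, embedded as sample input.
LSAQUERY = """LSA Query Info Policy
Domain Member     - Domain: L.A.S.P SID: S-1-5-21-3528327861-1831579209-895851024
Domain Controller - Domain: LASP SID: S-1-5-21-3528327861-1831579209-895851024
"""

# Constructed smb.conf fragment (hypothetical; the poster's real file is not shown).
SMB_CONF = """[global]
   workgroup = L.A.S.P
   ; security = user
   domain logons = yes
"""

def parse_lsaquery(text):
    """Map each role line ('Domain Member', 'Domain Controller') to (domain, sid)."""
    pat = re.compile(r"^(Domain \w+)\s+- Domain: (\S+) SID: (S-[\d-]+)$", re.M)
    return {role: (dom, sid) for role, dom, sid in pat.findall(text)}

def global_params(conf):
    """Return [global] parameters; smb.conf names ignore case and spaces."""
    params, section = {}, None
    for line in conf.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[key.replace(" ", "").lower()] = value.strip()
    return params

def findings(lsa_text, conf):
    out, roles, params = [], parse_lsaquery(lsa_text), global_params(conf)
    member, dc = roles.get("Domain Member"), roles.get("Domain Controller")
    if member and dc and member[0] != dc[0]:
        out.append(f"domain names differ: {member[0]} vs {dc[0]}")
    if params.get("security", "").lower() != "user":
        out.append("no explicit 'security = user' in [global]")
    for key in ("workgroup", "netbiosname"):
        if "." in params.get(key, ""):
            out.append(f"'{key}' contains a dot: {params[key]}")
    return out

if __name__ == "__main__":
    print("\n".join(findings(LSAQUERY, SMB_CONF)))
```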


