[Samba] Can't see domain groups on Win 2K client

Jonathan Gowland jgowland at genaware.com
Tue Dec 3 06:44:00 GMT 2002 

We have Samba 2.2.7 (the RPM for Red Hat 6.2 built by the Samba Team)
running on Red Hat 7.0.  It's set up as a PDC, with the config. file
as follows:

# Global parameters
[global]
        workgroup = ESPL
        server string = GenaWare Sydney main file server
        interfaces = 192.168.20.2/24
        encrypt passwords = Yes
        smb passwd file = /etc/samba/smbpasswd
        passwd program = /usr/bin/passwd %u
        passwd chat = *password* %n\n *password* %n\n *successfull*
        unix password sync = Yes
        log file = /var/log/samba/log.%m
        max log size = 50
        name resolve order = host wins lmhosts bcast
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        domain logons = Yes
        logon script = espl.bat
        os level = 60
        preferred master = Yes
        time server = Yes
        domain master = Yes
        dns proxy = No
        wins proxy = Yes
        wins support = Yes
        add user script = /usr/sbin/useradd -c 'Machine trust account' -d /dev/null -s /bin/false -M -g winboxes %u 

On an NT Workstation 4 with Service Pack 5:

    The system is a member of the domain, and I can log on to the
    domain on this system.

    When using the Windows Explorer Properties applet to try to add
    permissions to a file on a local disk, I can only see domain users
    in the list, plus default domain groups (e.g Domain Users) but I
    can enter a known domain group, and this is added successfully to
    the file's ACLs.

On Windows 2000 (Workstation + Service pack 2, or Server + Service Pack 3)

    The system is a member of the domain, and I can log on to the
    domain on this system.

    When using the Windows Explorer Properties applet to try to add
    permissions to a file on a local disk, I can only see domain users
    in the list, plus default domain groups (e.g Domain Users).  If I
    enter a known domain group, I get the response "Invalid Name".

    If I select a domain user and add permissions for that user, It
    appears to succeed, but when I come back to view the security
    information for the file, all I see is a long user ID string, not
    the user name.

Curiously, on all three client systems, I can see the domain groups when
trying to add permissions to file on a Samba share.

Is it possible to see list of domain groups when adding permissions to
a local file?

Is there something I need to change to achieve this?

More importantly, can Windows 2000 apply domain group permissions
to local files?  If so, how can this be enabled?

-- 
Jonathan Gowland  |  GenaWare Pty Limited

More information about the samba mailing list