[Samba] samba groups problem

Sergio Pereira sergio at ee.ryerson.ca
Thu Dec 4 19:41:57 GMT 2003

Hi folks,

I'm running Samba 3.0.0-2 (binary version) on RH9 with ldapsam as the
backend. So all my groups and users are in my LDAP database and the
authentication is working just fine. My problem is with groups: from a
Windows XP Pro client I'm trying to add to a local group 'Power Users'
the global group 'Domain Users', but I can see just the users from my
workstations (WinXP Pro). Checking other local groups like
'Administrators', I can see local users such as Administrator and a
'?'+'SID'+512 (for example:
?S-1-5-21-3774164490-1836102861-1491414457-512) and nothing else.

I've tried to add users to the global group 'Domain Admins', but when logged
on to any workstation the rights don't work either. Again, I can add
users (dom\user) with no problem but I can't do the same thing with
global groups.
Any idea on this?

Here's my smb.conf:
        workgroup = DOM.CA
        netbios name = PDC
        server string = SAMBA-LDAP
        passdb backend = ldapsam:ldap://ldap.dom.ca
        passwd program = /usr/bin/smbpasswd %u
        passwd chat = *New*SMB*password:* %n\n *Retype*new*SMB*password*
        log level = 5 ; remember to lower the log level in real life :-)
        log file = /var/log/samba/%m.log
        max log size = 0
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        add user script = /usr/local/sbin/smbldap-useradd.pl -w %u
        domain logons = Yes
        os level = 64
        preferred master = Yes
        domain master = Yes
        dns proxy = No
        wins support = Yes
        ldap suffix = dc=dom,dc=ca
        ldap machine suffix = dc=dom,dc=ca
        ldap user suffix = dc=dom,dc=ca
        ldap group suffix = dc=dom,dc=ca
        ldap idmap suffix = dc=dom,dc=ca
        ldap admin dn = cn=manager,dc=dom,dc=ca
        ldap ssl = start tls
        ldap passwd sync = Yes
        printing = cups

        comment = Home Directories
        read only = No
        create mask = 0664
        directory mask = 0700
        browseable = No

        comment = Network Logon Service
        path = /home/samba/netlogon
        guest ok = Yes

        path = /home/samba/profiles
        read only = No
        create mask = 0600
        directory mask = 0700
        guest ok = Yes
        profile acls = Yes
        csc policy = disable
