[Samba] samba groups problem

Sergio Pereira sergio at ee.ryerson.ca
Thu Dec 4 20:49:15 GMT 2003


I feel stupid now .. but never mind. I found the 'problem'. I forgot to
map the global groups.

cheers,

sergio




On Thu, 2003-12-04 at 14:41, Sergio Pereira wrote:
> Hi folks,
> 
> I'm running samba 3.0.0-2 (binary version) on rh9 with ldapsam as
> backend. So, all my groups, users are in my ldap database and the
> authentication is working just fine. My problem is with groups, from
> windows xp pro client I'm trying to add to a local group 'Power Users'
> the global group 'Domain Users' but I can see just the users from my
> workstations (winxp pro). Checking other local groups like
> 'Administrators' I can see local users as Administrator and a
> '?'+'SID'+512 (for example:
> ?S-1-5-21-3774164490-1836102861-1491414457-512) and nothing else.
> 
> I've tried to add users to global group 'Domain Admins' but when logged
> on any workstation the rights don't work either. Again, I can add
> users (dom\user) with no problem but I can't do the same thing with
> global groups.
> Any idea on this??
> 
> here's my smb.conf
> ---xxx---
> [global]
>         workgroup = DOM.CA
>         netbios name = PDC
>         server string = SAMBA-LDAP
>         passdb backend = ldapsam:ldap://ldap.dom.ca
>         passwd program = /usr/bin/smbpasswd %u
>         passwd chat = *New*SMB*password:* %n\n *Retype*new*SMB*password* %n\n
>         log level = 5 ; remember to lower the log level in real life :-)
>         log file = /var/log/samba/%m.log
>         max log size = 0
>         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>         add user script = /usr/local/sbin/smbldap-useradd.pl -w %u
>         domain logons = Yes
>         os level = 64
>         preferred master = Yes
>         domain master = Yes
>         dns proxy = No
>         wins support = Yes
>         ldap suffix = dc=dom,dc=ca
>         ldap machine suffix = dc=dom,dc=ca
>         ldap user suffix = dc=dom,dc=ca
>         ldap group suffix = dc=dom,dc=ca
>         ldap idmap suffix = dc=dom,dc=ca
>         ldap admin dn = cn=manager,dc=dom,dc=ca
>         ldap ssl = start tls
>         ldap passwd sync = Yes
>         printing = cups
> 
> [homes]
>         comment = Home Directories
>         read only = No
>         create mask = 0664
>         directory mask = 0700
>         browseable = No
> 
> [netlogon]
>         comment = Network Logon Service
>         path = /home/samba/netlogon
>         guest ok = Yes
> 
> [profiles]
>         path = /home/samba/profiles
>         read only = No
>         create mask = 0600
>         directory mask = 0700
>         guest ok = Yes
>         profile acls = Yes
>         csc policy = disable
> ---xxx---
> 
> cheers,
> 
> sergio
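
Added example, not part of the original thread or of Samba itself: a small check that reads `net groupmap list` output and reports which well-known domain groups (RIDs 512, 513, 514) have no usable mapping, which is the condition behind the unresolved `...-512` SID above. The line format, the treatment of `-1` as "unmapped", and the Unix group name `domusers` are assumptions; the sample output is constructed.

```python
import re

# Well-known domain group RIDs; the unresolved SID quoted in the post ends in -512.
WELL_KNOWN_RIDS = {512: "Domain Admins", 513: "Domain Users", 514: "Domain Guests"}

# Assumed line shape of `net groupmap list`: NT name (SID) -> unix group
LINE_RE = re.compile(r"^(.+?) \((S-1-[0-9-]+)\) -> (\S+)\s*$")


def parse_groupmap(text):
    """Return {sid: (nt_name, unix_group)} for every parsable line."""
    mappings = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            nt_name, sid, unix_group = m.groups()
            mappings[sid] = (nt_name, unix_group)
    return mappings


def missing_domain_groups(text, domain_sid):
    """List (rid, nt_name) of well-known domain groups with no usable mapping."""
    mappings = parse_groupmap(text)
    missing = []
    for rid, nt_name in sorted(WELL_KNOWN_RIDS.items()):
        entry = mappings.get(f"{domain_sid}-{rid}")
        # Assumption: a unix group of "-1" means the entry exists but is unmapped.
        if entry is None or entry[1] == "-1":
            missing.append((rid, nt_name))
    return missing


# Constructed sample output; the domain SID is the one quoted in the post,
# the unix group name "domusers" is hypothetical.
DOMAIN_SID = "S-1-5-21-3774164490-1836102861-1491414457"
SAMPLE = """\
Domain Users (S-1-5-21-3774164490-1836102861-1491414457-513) -> domusers
Domain Guests (S-1-5-21-3774164490-1836102861-1491414457-514) -> -1
Administrators (S-1-5-32-544) -> -1
"""

if __name__ == "__main__":
    for rid, name in missing_domain_groups(SAMPLE, DOMAIN_SID):
        print(f"unmapped: {name} (RID {rid}, SID {DOMAIN_SID}-{rid})")
```

Each group it reports can then be mapped with `net groupmap add`, giving the RID and an existing Unix group. Review who belongs to the Unix group behind RID 512 first, since its members gain Domain Admins rights on the workstations.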