[Samba] NT doesn't like that, you should fix it
Miles Scruggs
miles.scruggs at garnetweb.com
Fri Jul 9 17:37:40 GMT 2004
This is a simple problem, but it took me a while to find the answer also.
man net
and look for GROUPMAP basically you need to map your unix groups to
samba/windows groups. I have a poor understanding of it all so you will
probably want to read up on google, but that should get you started.
Miles
> Dear all,
> I have this in my /var/log/messages (pls mind the line wrap):
> smbd3[3660]: [2004/07/09 15:31:26, 0]
> rpc_server/srv_util.c:get_domain_user_groups(372)
>
> smbd3[3660]: get_domain_user_groups: primary gid of user [fajar] is not
> a
> Domain group !
>
> smbd3[3660]: get_domain_user_groups: You should fix it, NT doesn't like
> that
>
> Why is that? However, the operation is normal, I can logon into the
> domain,
> download the profiles, etc.
>
> This is my smb.conf:
> [global]
> workgroup = samba3
> netbios name = centrino
> server string = Samba Server %v
> message command = /usr/bin/linpopup "%f" "%m" %s; rm %s
> printcap name = cups
> load printers = yes
> printing = cups
> printer admin = @adm
> log file = /var/log/samba3/log.%m
> log level = 3
> map to guest = bad user
> security = user
> encrypt passwords = yes
> smb passwd file = /etc/samba3/smbpasswd
> unix password sync = Yes
> pam password change = yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *New*UNIX*password* %n\n *Re*ype*new*UNIX*password* %n\n \
> *passwd:*all*authentication*tokens*updated*successfully*
> username map = /etc/samba3/smbusers
> include = /etc/samba3/smb.conf.%m
> winbind uid = 10000-20000
> winbind gid = 10000-20000
> winbind separator = +
> winbind use default domain = yes
> template homedir = /home/%D/%U
> obey pam restrictions = yes
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> remote announce = 192.168.0.255
> local master = yes
> os level = 33
> domain master = yes
> preferred master = yes
> domain logons = yes
> logon script = %m.bat
> logon script = %U.bat
> logon path = \\%L\Profiles\%U
> logon home = \\%L\%U\.profile
> add user script = /usr/sbin/useradd -s /bin/false '%u'
> delete user script = /usr/sbin/userdel '%s'
> add user to group script = /usr/bin/gpasswd -a '%u' '%g'
> delete user from group script = /usr/bin/gpasswd -d '%u' '%g'
> set primary group script = /usr/sbin/usermod -g '%g' '%u'
> add group script = /usr/sbin/groupadd %g && getent group '%g'|awk -F:
> '{print
> $3}'
> delete group script = /usr/sbin/groupdel '%g'
> add machine script = /usr/sbin/useradd -d /dev/null -g machines -c
> 'Machine
> Account' -s /bin/false -M %u
> dns proxy = no
> [homes]
> comment = Home Directories
> browseable = no
> writable = yes
> # You can enable VFS recycle bin on a per share basis:
> # Uncomment the next 2 lines (make sure you create a
> # .recycle folder in the base of the share and ensure
> # all users will have write access to it. See
> # examples/VFS/recycle/REAME in samba-doc for details
> ; vfs object = /usr/lib/samba3/vfs/recycle.so
>
> # Un-comment the following and create the netlogon directory for Domain
> Logons
> [netlogon]
> comment = Network Logon Service
> path = /var/lib/samba3/netlogon
> guest ok = yes
> writable = yes
> browseable = no
>
> #Uncomment the following 2 lines if you would like your login scripts to
> #be created dynamically by ntlogon (check that you have it in the correct
> #location (the default of the ntlogon rpm available in contribs)
> ;root preexec = /usr/bin/ntlogon -u %U -g %G -o %a -d
> /var/lib/samba3/netlogon
> ;root postexec = rm -f /var/lib/samba3/netlogon/%U.bat
>
> # Un-comment the following to provide a specific roving profile share
> # the default is to use the user's home directory
> [Profiles]
> path = /var/lib/samba3/profiles
> browseable = no
> guest ok = yes
> writable = yes
> # This script can be enabled to create profile directories on the fly
> # You may want to turn off guest acces if you enable this, as it
> # hasn't been thoroughly tested.
> root preexec = PROFILE=/var/lib/samba3/profiles/%u; if [ ! -e $PROFILE ];
> \
> then mkdir -pm700 $PROFILE; chown %u.%g $PROFILE;fi
>
> # NOTE: If you have a CUPS print system there is no need to
> # specifically define each individual printer.
> # You must configure the samba printers with the appropriate Windows
> # drivers on your Windows clients or upload the printer driver to the
> # server from Windows (NT/2000/XP). On the Samba server no filtering is
> # done. If you wish that the server provides the driver and the clients
> # send PostScript ("Generic PostScript Printer" under Windows), you have
> # to use 'printcap name = cups' or swap the 'print command' line below
> # with the commented one. Note that print commands only work if not using
> # 'printing=cups'
> [printers]
> comment = All Printers
> path = /var/spool/samba3
> browseable = no
> # to allow user 'guest account' to print.
> guest ok = yes
> writable = no
> printable = yes
> create mode = 0700
> # =====================================
> # print command: see above for details.
> # =====================================
> print command = lpr-cups -P %p -o raw %s -r # using client side
> printer
> drivers.
> ; print command = lpr-cups -P %p %s # using cups own drivers (use
> generic
> PostScript on clients).
>
> # This share is used for Windows NT-style point-and-print support.
> # To be able to install drivers, you need to be either root, or listed
> # in the printer admin parameter above. Note that you also need write
> access
> # to the directory and share definition to be able to upload the drivers.
> # For more information on this, please see the Printing Support Section of
> # /usr/share/doc/samba3-<version>/docs/Samba-HOWTO-Collection.pdf
> #
> # A special case is using the CUPS Windows Postscript driver, which allows
> # all features available via CUPS on the client, by publishing the ppd
> file
> # and the cups driver by using the 'cupsaddsmb' tool. This requires the
> # installation of the CUPS driver (http://www.cups.org/windows.php)
> # on the server, but doesn't require you to use Windows at all :-).
> [print$]
> path = /var/lib/samba3/printers
> browseable = yes
> write list = @adm root
> guest ok = yes
> inherit permissions = yes
> # Settings suitable for Winbind:
> ; write list = @"Domain Admins" root
> ; force group = +@"Domain Admins"
>
> # A useful application of samba is to make a PDF-generation service
> # To streamline this, install windows postscript drivers (preferably
> colour)
> # on the samba server, so that clients can automatically install them.
> # Note that this only works if 'printing' is *not* set to 'cups'
>
> [pdf-generator]
> path = /var/tmp
> guest ok = No
> printable = Yes
> comment = PDF Generator (only valid users)
> #print command = /usr/share/samba3/scripts/print-pdf file path win_path
> recipient IP &
> print command = /usr/share/samba3/scripts/print-pdf %s ~%u //%L/%u %m
> %I
> "%J" &
>
> # This one is useful for people to share files
> [tmp]
> comment = Temporary file space
> path = /tmp
> read only = no
> public = yes
>
> # A publicly accessible directory, but read only, except for people in
> # the "staff" group
> [public]
> comment = Public Stuff
> path = /home/samba3/public
> public = yes
> writable = no
> write list = @staff
> [fredsprn]
> comment = Fred's Printer
> valid users = fred
> path = /homes/fred
> printer = freds_printer
> public = no
> writable = no
> printable = yes
> [fredsdir]
> comment = Fred's Service
> path = /usr/somewhere/private
> valid users = fred
> public = no
> writable = yes
> printable = no
> [pchome]
> comment = PC Directories
> path = /usr/pc/%m
> public = no
> writable = yes
> [public]
> path = /usr/somewhere/else/public
> public = yes
> only guest = yes
> writable = yes
> printable = no
> [myshare]
> comment = Mary's and Fred's stuff
> path = /usr/somewhere/shared
> valid users = mary fred
> public = no
> writable = yes
> printable = no
> create mask = 0765
>
> [netware]
> path = /var/lib/samba3/netware-bpk
> public = no
> valid users = test1 test2
> writable = yes
> browseable = no
>
> Thanks
> - --
> Fajar Priyanto | Reg'd Linux User #327841 | http://linux.arinet.org
> 15:56:13 up 8:00, Mandrake Linux release 9.2 (FiveStar) for i586
> public key: https://www.arinet.org/fajar-pub.key
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.3 (GNU/Linux)
>
> iD8DBQFA7mGdkp5CsIXuxqURAnBXAKCAltfB45HLXx3YO2RlQdbfvD0uwACfclEi
> 836egEZFISG6YmPWwa1TsY4=
> =Ixss
> -----END PGP SIGNATURE-----
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list