[Samba] Strange problems with my Samba Domain - Any ideas?

dewi dewi at brentwood.bc.ca
Mon Sep 6 00:34:58 GMT 2004


I have just migrated our school NT4 Domain over to Samba 
3.0.5-0.backports.org.1 running on Debian Stable with some backports.

I am using ldapsam backend with OpenLDAP 2.0.23-6.3 - ldap-server

For the most part, the Domain is functioning very well: login, password 
changes, browsing the domain etc. all seem to work, but I have a strange 
problem with looking up users and groups.

usrmgr and srvmgr running on NT/2000/XP servers/workstations will not 
function - they complain about "Invalid Tag".
From an NT workstation, when I go into the security panel on a file 
permission, I can view all the domain groups, but when I try to expand 
the list to view users, I again get the "Invalid Tag" error.
Doing the same thing from a 2000 or XP workstation, only shows local 
machine groups and will not display the Domain groups, or give me the 
option to view domain users.

However, if I manually type in a domain user or group e.g. 
\\DOMAIN1\bill.bloggs I am able to assign rights to that entity.

Can anyone give me clues as to what might be amiss here? The only info 
I've found so far applies to Samba 2.something and was supposed to be 
fixed a while ago.

smb.conf is given below:-

unix charset = LOCALE
workgroup = OURDOMAIN
netbios name = STAFF_SAMBA
interfaces = eth0, lo
bind interfaces only = Yes
ldap passwd sync = Yes
passdb backend = ldapsam:ldap://localhost
username map = /etc/samba/smbusers
log level = 1
syslog = 0
log file = /var/log/samba/%m
max log size = 50
smb ports = 139 445
name resolve order = wins bcast hosts
time server = Yes
printcap name = CUPS
show add printer wizard = No
add user script = /sbin/smbldap-useradd -a -m '%u'
delete user script = /sbin/smbldap-userdel %u
add group script = /sbin/smbldap-groupadd -p '%g'
delete group script = /sbin/smbldap-groupdel '%g'
add user to group script = /sbin/smbldap-groupmod -m '%u' '%g'
delete user from group script = /sbin/smbldap-groupmod -x '%u' '%g'
set primary group script = /sbin/smbldap-usermod -g '%g' '%u'
add machine script = /sbin/smbldap-useradd -w '%u'
logon script = scripts\logon.bat
logon path = \\%L\profiles\%U
logon drive = H:
domain logons = Yes
domain master = Yes
preferred master = Yes
wins support = Yes
ldap suffix = o=brentwood.bc.ca.
ldap machine suffix = ou=People,ou=internal
ldap user suffix = ou=People,ou=internal
ldap group suffix = ou=Groups,ou=internal
ldap idmap suffix = ou=Idmap
ldap admin dn = cn=Manager,o=brentwood.bc.ca.
idmap backend = ldap:ldap://localhost
idmap uid = 10000-20000
idmap gid = 10000-20000
map acl inherit = Yes
printing = cups
printer admin = Headboy, pavittd, dewi, Administrator


