[Samba] PDC with NSVSD/smbpasswd ok, but MySQL backend not quite

James MacLean macleajb at ednet.ns.ca
Sun Feb 20 03:57:02 GMT 2005


James MacLean wrote:

> Hi Folks,
>
> Samba-3.0.11.
>
> . Using /etc/passwd, /etc/group, smbpasswd - everything in the PDC 
> world seems fine.
>
> . Using /etc/passwd, /etc/group, MySQL backend - I can join the domain 
> but get an error about not being able to find a domain controller when 
> I try to login to the domain with a mysql user. Logging in as root is 
> ok, but likely that is because I use both mysql and smbpasswd backends.
>
> . Using the new NSS http://fssos.sourceforge.net/ works ok if I use 
> smbpasswd.
>
> . Once I switch to NSVS(NSS) and MySQL, I can not log any new users 
> in, but, if I log in as user who originally got in by being in 
> smbpasswd but has since been deleted from smbpasswd, I can continue to 
> login successfully if they exist in the MySQL.
>
> . net rpc group info <smbpasswd user>  gives all group info from 
> /etc/group.
> . net rpc group info <mysql only user>  shows none of the groups they 
> belong to regardless of their existence in /etc/passwd
>
> Long story short... I can only get a new user logged into a PC via the 
> domain for their first time if they have an entry in smbpasswd. After 
> that, being in the MySQL backend appears to be enough.
>
> I can pass along configs if needed, but since it works except for the 
> mysql change I didn't want to confuse the problem. I don't see the 
> NSS/NSVS being any influence, but wanted to show how the solution was 
> meant to fit together :).
>
> Is this a known limitation in the MySQL backend or more likely, am I 
> setting something up incorrectly?
>
> thanks,
> JES

I am getting there :). I now have :

. The MySQL user table from examples/pdb/mysql/mysql.dump loaded from a 
file of users/passwords.
. The new NSS (FSSOS-NSVS) uses it to get the UID.
. Samba uses it for the MySQL backend - no smbpasswd backend.
. Using "net rpc rights" I was able to have a non-root user used to join 
a computer to a domain
. Log into the domain with users from the MySQL database.

The gotcha that was occurring above was that the SIDs I had been 
importing were not constructed from this Samba's local SID :
net getlocalsid

I then in haste had the wrong domain in the domain field, so one has to 
remember that :).

To change my localsid I did some drastic things :

1. rm /etc/samba/secrets.tdb
2. rm -f /var/lock/samba
3. mkdir /var/lock/samba
4. net setlocalsid <newsid>
5. Check they are ok with "net groupmap list"

But 'twas a new install so I did not mind.

I also added the administrator account -500 as described at the bottom 
of http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/rights.html
and mapped "Domain Users/Domain Admins/Domain guests/Administrators" to 
local unix accounts, which I verified with "net rpc user info <someone>" 
in the groups.

But I now see that the NT tool usrmgr has a problem looking at user 
accounts. The users all show up, but when I try to expand any I get :

The following error occurred accessing the properties of the user <user>
The stub received bad data.
The user properties can not be viewed or edited at this time.

Any advice :)?

JES
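
Added example, not part of the original post: a small Python check for the gotcha described above, that imported account SIDs must be built from this server's `net getlocalsid` value and carry the right domain name. The row layout (username, domain, SID), the sample SIDs and the `EXAMPLE` domain are constructed for illustration; feed it rows exported from your own account table.

```python
import re

# A domain SID: S-1-5-21 followed by exactly three sub-authorities.
SID_RE = re.compile(r"S-1-5-21(?:-\d+){3}")

def parse_local_sid(net_output):
    """Extract the domain SID from the text printed by `net getlocalsid`."""
    m = SID_RE.search(net_output)
    if not m:
        raise ValueError("no domain SID found in output")
    return m.group(0)

def split_sid(sid):
    """Split an account SID into (domain SID, RID)."""
    prefix, _, rid = sid.rpartition("-")
    if not SID_RE.fullmatch(prefix) or not rid.isdigit():
        raise ValueError(f"not a domain account SID: {sid!r}")
    return prefix, int(rid)

def audit_accounts(local_sid, local_domain, rows):
    """Return (username, problem) for each row that does not match this server."""
    problems = []
    for username, domain, user_sid in rows:
        try:
            prefix, _rid = split_sid(user_sid)
        except ValueError as exc:
            problems.append((username, str(exc)))
            continue
        if prefix != local_sid:
            problems.append((username, f"SID built from foreign domain SID {prefix}"))
        if domain.upper() != local_domain.upper():
            problems.append((username, f"domain is {domain!r}, expected {local_domain!r}"))
    return problems

# Constructed sample data (not from the original post).
NET_OUTPUT = "SID for domain EXAMPLE is: S-1-5-21-1111111111-2222222222-3333333333"
ROWS = [
    ("alice", "EXAMPLE", "S-1-5-21-1111111111-2222222222-3333333333-3000"),
    ("bob", "EXAMPLE", "S-1-5-21-4444444444-5555555555-6666666666-3002"),
    ("carol", "OTHERDOM", "S-1-5-21-1111111111-2222222222-3333333333-3004"),
    ("dave", "EXAMPLE", "S-1-5-21-1111111111-2222222222"),  # truncated SID
]

if __name__ == "__main__":
    for user, problem in audit_accounts(parse_local_sid(NET_OUTPUT), "EXAMPLE", ROWS):
        print(f"{user}: {problem}")
```
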

