[Samba] samba and domain local groups

Chris chrisd at better-investing.org
Mon May 9 12:13:36 GMT 2005 

I am having the same problem.

According to MS, the optimal way to do things is to add users to Global 
Groups, add Globals to Domain Local Groups and apply permissions to Domain 
Local Groups.  (I do a 'getent groups' and it does not show in the list).

Since my Domain Local Groups do not register, I cannot do this.  Is there 
something I am missing?  I have read the book, and I don't recall seeing 
anything in particular about this?

Can someone help here?

Thanks!

Chris






On Tuesday 02 November 2004 08:12 pm, Andrew Best wrote:
> Quick question about Samba and Domain Local groups.
> Ive got a Samba 3.0.7 server (redhat 8) as a domain member of a 2K
> Domain in native mode. (security = domain).
>
> Std Windows group mgmt says:
> Users are members of Global Groups.
> Global Groups are members of local groups
> Local Groups control access to resources.
>
> So ive got a Domain Local group I want to use to restrict access to a
> samba share:
> valid users = @"DL_FILE_iCABS_Server"
>
> Problem is, when I browse the share from a 2K/XP PC im prompted for a
> username and password.
> log.winbind says:
> [2004/11/02 15:59:36, 0] nsswitch/winbindd_group.c:winbindd_getgrent(795)
>   could not lookup domain group DL_FILE_iCABS_Server
> [2004/11/02 15:59:36, 1] nsswitch/winbindd_group.c:fill_grent_mem(133)
>   could not lookup membership for group rid
> S-1-5-21-1078081533-1682526488-725345543-1633 in domain
> RENTOKILINITIAL (error: NT_STATUS_NO_SUCH_GROUP)
>
> If I do a 'getent group' I see all the Global Groups but not the
> Domain Local groups and an error similar to the one above is logged
> for each Domain Local group.
>
> So, am I missing something really basic here, ie Samba/Winbind doesnt
> let me use Domain Local groups like this or is this a bug in
> Samba/Winbind?
>
> --
> "If you wash lousy clothing at low temperatures, all you get is cleaner
> lice" - Dr John Maunder

-- 
Chris Ditri
Systems Administrator
National Association Of Investors Corporation
711 W. 13 Mile Road
Madison Heights, MI 48071
(248) 583-6242 Ext. 522
Toll-Free (877) 275-6242 Ext. 376
chrisd at better-investing.org
http://www.better-investing.org

More information about the samba mailing list