[Samba] Group Members and usersidlist problem

Peter Gowler gowlerp at hotmail.com
Wed Nov 9 09:51:54 GMT 2005


I have been setting up samba 3.0.20b on Solaris 9 with a Sun Java System 
Directory Server v5.2 and have hit a couple of problems.

The first is that if I run the command

/net rpc group MEMBERS Staff -U administrator

after prompting for the password it just gives the result of a blank line.
Looking through the ldap logs it appears that samba finds the correct group 
mapping but then looks up the details of a group with a gidnumber=-1.

The second is that if I run the command

net usersidlist

I get the result

[2005/11/09 09:44:13, 0] utils/net_rpc.c:net_usersidlist(4123)
  Could not get the user/sid list

Below are sanitised versions of some of my ldap entries, my smb.conf on the 
PDC and an extract from the ldap log.

Any suggestions would be greatly appreciated.

Thanks

Peter

LDIF entries

dn: sambaDomainName=SAMBADOMAIN,o=domain.co.uk,dc=domain,dc=co,dc=uk
sambaDomainName: SAMBADOMAIN
sambaSID: S-1-5-21-4160373677-3793490159-3852503765
objectClass: sambaDomain

dn: cn=Staff, ou=group,o=domain.co.uk,dc=domain,dc=co,dc=uk
uidNumber: 517
objectClass: posixGroup
objectClass: sambaGroupMapping
objectClass: top
objectClass: sambaidmapentry
memberUid: User1
memberUid: User2
gidNumber: 517
sambaGroupType: 2
displayName: Staff
description: Staff Group
cn: Staff
sambaSID: S-1-5-21-4160373677-3793490159-3852503765-2035

dn: uid=User1,ou=People,o=domain.co.uk,dc=domain,dc=co,dc=uk
sambaPrimaryGroupSID: S-1-5-21-4160373677-3793490159-3852503765-513
gidNumber: 513
sambaKickoffTime: 0
sambaNTPassword:
sambaLMPassword:
userPassword:
uidNumber: 1007
uid: User
givenName: Test
sn: User
cn: TestUser1
objectClass: userpresenceprofile
objectClass: top
objectClass: organizationalperson
objectClass: person
objectClass: inetuser
objectClass: inetlocalmailrecipient
objectClass: posixAccount
objectClass: shadowAccount
objectClass: posixGroup
objectClass: sambasamaccount
homeDirectory: /home/user1
sambaDomainName: SAMBADOMAIN
sambaAcctFlags: [U          ]
sambaSID: S-1-5-21-4160373677-3793490159-3852503765 -3014


dn: uid=domain-pdc$,ou=Machines,o=domain.co.uk,dc=domain,dc=co,dc=uk
sambaSID: S-1-5-21-4160373677-3793490159-3852503765
sambaPwdLastSet: 1131290601
sambaNTPassword:
sambaLMPassword:
sambaPwdCanChange: 1131290601
sambaPwdMustChange: 2147483647
displayName: domain-pdc$
objectClass: sambasamaccount
objectClass: account
objectClass: top
uid: domain-pdc$
sambaAcctFlags: [W          ]

dn: uid=domain-one$,ou=Machines,o=domain.co.uk,dc=domain,dc=co,dc=uk
sambaPwdLastSet: 1131409460
sambaNTPassword:
sambaPwdCanChange: 1131409460
sambaSID: S-1-5-21-4160373677-3793490159-3852503765-5002
sambaPwdMustChange: 2147483647
displayName: domain-one$
objectClass: sambasamaccount
objectClass: account
objectClass: top
uid: domain-one$
sambaAcctFlags: [W          ]


smb.conf

[global]
        workgroup = SAMBADOMAIN
        netbios name = DOMAIN-PDC
        server string = SAMBA Primary Domain Controller
        passdb backend = ldapsam:ldap://ldap.domain.co.uk
        passwd program = /scripts/bin/samba-passwd -o %u
        passwd chat = *New*password* %n\n *Retype*new*password* %n\n *modifying*
        unix password sync = Yes
        log level = 10
        time server = Yes
        logon path = \\%N\%U\windows\profile
        logon drive = H:
        logon home = \\DOMAIN-PDC\%U
        domain logons = Yes
        preferred master = Yes
        domain master = Yes
        wins support = Yes
        ldap admin dn = cn=Directory Manager
        ldap group suffix = ou=group
        ldap machine suffix = ou=Machines
        ldap suffix = o=domain.co.uk,dc=domain,dc=co,dc=uk
        ldap ssl = no
        ldap user suffix = ou=People
        hide files = /RECYCLER/desktop.ini/Desktop.ini/Thumbs.db/

[homes]
        comment = Home Directory of %U
        path = /qfs1/home/%U
        valid users = %S
        read only = No
        browseable = No

[profiles]
        path = /qfs1/home/%U/profile
        write list = @smbusers, @root
        read only = No
        create mask = 0600
        directory mask = 0700
        case sensitive = No
        preserve case = No
        short preserve case = No
        hide files = /desktop.ini/ntuser.ini/NTUSER.*/
        browseable = No


LDAP log

[09/Nov/2005:09:09:26 +0000] conn=262044 op=5 msgId=6 - SRCH 
base="o=domain.co.uk,dc=domain,dc=co,dc=uk" scope=2 
filter="(&(uid=Staff)(objectClass=sambaSamAccount))" attrs="uid uidNumber 
gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange 
sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName 
sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description 
sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword 
sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial 
sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory 
modifyTimestamp sambaLogonHours modifyTimestamp"
[09/Nov/2005:09:09:26 +0000] conn=262044 op=5 msgId=6 - RESULT err=0 tag=101 
nentries=0 etime=0
[09/Nov/2005:09:09:26 +0000] conn=262044 op=6 msgId=7 - SRCH 
base="ou=group,o=domain.co.uk,dc=domain,dc=co,dc=uk" scope=2 
filter="(&(objectClass=sambaGroupMapping)(|(displayName=Staff)(cn=Staff)))" 
attrs="gidNumber sambaSID sambaGroupType sambasidlist description 
displayName cn objectClass"
[09/Nov/2005:09:09:26 +0000] conn=262044 op=6 msgId=7 - RESULT err=0 tag=101 
nentries=1 etime=0
[09/Nov/2005:09:09:26 +0000] conn=262044 op=7 msgId=8 - SRCH 
base="ou=group,o=domain.co.uk,dc=domain,dc=co,dc=uk" scope=2 
filter="(&(objectClass=sambaGroupMapping)(gidNumber=-1))" attrs="gidNumber 
sambaSID sambaGroupType sambasidlist description displayName cn objectClass"
[09/Nov/2005:09:09:26 +0000] conn=262044 op=7 msgId=8 - RESULT err=0 tag=101 
nentries=0 etime=0
[09/Nov/2005:09:09:26 +0000] conn=262044 op=8 msgId=9 - SRCH 
base="ou=group,o=domain.co.uk,dc=domain,dc=co,dc=uk" scope=2 
filter="(&(|(objectClass=posixGroup)(objectClass=sambaIdmapEntry))(gidNumber=-1))" 
attrs="gidNumber sambaSID sambaGroupType sambasidlist description 
displayName cn objectClass"
[09/Nov/2005:09:09:26 +0000] conn=262044 op=8 msgId=9 - RESULT err=0 tag=101 
nentries=0 etime=0
[09/Nov/2005:09:09:26 +0000] conn=262044 op=9 msgId=10 - SRCH 
base="o=domain.co.uk,dc=domain,dc=co,dc=uk" scope=2 
filter="(&(objectClass=sambaIdmapEntry)(gidNumber=-1))" attrs="sambaSID 
uidNumber gidNumber objectClass"
[09/Nov/2005:09:09:26 +0000] conn=262044 op=9 msgId=10 - RESULT err=0 
tag=101 nentries=0 etime=0
[09/Nov/2005:09:09:26 +0000] conn=262044 op=10 msgId=11 - SRCH 
base="ou=group,o=domain.co.uk,dc=domain,dc=co,dc=uk" scope=2 
filter="(&(objectClass=sambaGroupMapping)(gidNumber=-1))" attrs="gidNumber 
sambaSID sambaGroupType sambasidlist description displayName cn objectClass"
[09/Nov/2005:09:09:26 +0000] conn=262044 op=10 msgId=11 - RESULT err=0 
tag=101 nentries=0 etime=0
[09/Nov/2005:09:09:26 +0000] conn=262044 op=11 msgId=12 - SRCH 
base="ou=group,o=domain.co.uk,dc=domain,dc=co,dc=uk" scope=2 
filter="(&(|(objectClass=posixGroup)(objectClass=sambaIdmapEntry))(gidNumber=-1))" 
attrs="gidNumber sambaSID sambaGroupType sambasidlist description 
displayName cn objectClass"
[09/Nov/2005:09:09:26 +0000] conn=262044 op=11 msgId=12 - RESULT err=0 
tag=101 nentries=0 etime=0
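
Added example, not part of the original post and not Samba code: a small consistency check over LDIF like the entries above. It reports sambaSamAccount entries whose sambaSID is not the domain SID followed by one numeric RID, or whose RDN value is absent from the entry's own attributes. The sample LDIF is constructed by abridging the sanitised entries in the post, the function names are hypothetical, and it assumes every account belongs to the single sambaDomain entry in the input; whether any finding explains the reported symptoms is not established here.

```python
import re
# Constructed sample: abridged from the sanitised entries in the post.
SAMPLE_LDIF = """\
dn: sambaDomainName=SAMBADOMAIN,o=domain.co.uk,dc=domain,dc=co,dc=uk
sambaSID: S-1-5-21-4160373677-3793490159-3852503765
objectClass: sambaDomain

dn: uid=User1,ou=People,o=domain.co.uk,dc=domain,dc=co,dc=uk
uid: User
objectClass: sambasamaccount
sambaSID: S-1-5-21-4160373677-3793490159-3852503765 -3014

dn: uid=domain-pdc$,ou=Machines,o=domain.co.uk,dc=domain,dc=co,dc=uk
sambaSID: S-1-5-21-4160373677-3793490159-3852503765
objectClass: sambasamaccount
uid: domain-pdc$
"""

def parse_ldif(text):
    """Parse plain LDIF (no base64 values, no folded lines) into dicts with lower-cased keys."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            entry.setdefault(name.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def has_class(entry, name):
    return name in (c.lower() for c in entry.get("objectclass", []))

def check_accounts(entries):
    """Return (dn, problem) pairs for sambaSamAccount entries (assumes one sambaDomain entry)."""
    domain_sid = next(e["sambasid"][0] for e in entries if has_class(e, "sambadomain"))
    findings = []
    for e in (e for e in entries if has_class(e, "sambasamaccount")):
        dn = e["dn"][0]
        for sid in e.get("sambasid", []):
            if not re.fullmatch(re.escape(domain_sid) + r"-\d+", sid):
                findings.append((dn, f"sambaSID {sid!r} is not <domain SID>-<RID>"))
        attr, _, val = dn.split(",")[0].partition("=")
        if val.lower() not in (v.lower() for v in e.get(attr.lower(), [])):
            findings.append((dn, f"RDN value {val!r} missing from {attr} attribute"))
    return findings

if __name__ == "__main__":
    for dn, problem in check_accounts(parse_ldif(SAMPLE_LDIF)):
        print(f"{dn}: {problem}")
```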
