[Samba] Samba Groups Vanished

Felipe Augusto van de Wiel felipe at paranacidade.org.br
Thu Aug 31 15:29:01 GMT 2006 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/31/2006 07:05 AM, Diarmuid Bourke escreveu:
>>>On 08/28/2006 09:49 AM, Diarmuid Bourke escreveu:
[...]
>>>>Our Samba Groups appear to have vanished.
>>>>
>>>>I've verified this by trying, "net group /domain" in windows and it
>>>>returns no results. Trying "net rpc group -S nuada" on our master server
>>>>returns nothing either.
>>>>"net rpc info" on both our master and backup return
>>>>
>>>>Domain Name: DIAS
>>>>Domain SID: S-1-5-21-463069746-3761697030-3888642000
>>>>Sequence number: 1156762378
>>>>Num users: 63
>>>>Num domain groups: 0
>>>>Num local groups: 0
>>>
>>>	Try improve the debuglevel (-d) when using net, it could
>>>reveal some nice information to help you out (and also help the
>>>rest of us to help you).  :-)
> 
> Heres the output of "net rpc group list -d3 -S nuada"
> using debug
> ------------------------------
> [2006/08/31 10:26:57, 3] param/loadparm.c:lp_load(4207)
>   lp_load: refreshing parameters
> [2006/08/31 10:26:57, 3] param/loadparm.c:init_globals(1393)
>   Initialising global parameters
> [2006/08/31 10:26:57, 3] param/params.c:pm_process(574)
>   params.c:pm_process() - Processing configuration file
> "/etc/samba/smb.conf"
> [2006/08/31 10:26:57, 3] param/loadparm.c:do_section(3662)
>   Processing section "[global]"
> [2006/08/31 10:26:57, 2] lib/interface.c:add_interface(81)
>   added interface ip=160.6.1.26 bcast=160.6.1.255 nmask=255.255.255.0
> [2006/08/31 10:26:57, 3] libsmb/namequery.c:resolve_lmhosts(855)
>   resolve_lmhosts: Attempting lmhosts lookup for name nuada<0x20>
> [2006/08/31 10:26:57, 3] libsmb/namequery.c:resolve_wins(752)
>   resolve_wins: Attempting wins lookup for name nuada<0x20>
> [2006/08/31 10:26:57, 3] libsmb/namequery.c:resolve_wins(755)
>   resolve_wins: WINS server resolution selected and no WINS servers listed.
> [2006/08/31 10:26:57, 3] libsmb/namequery.c:resolve_hosts(917)
>   resolve_hosts: Attempting host lookup for name nuada<0x20>
> Password:
> [2006/08/31 10:27:02, 3] libsmb/cliconnect.c:cli_start_connection(1389)
>   Connecting to host=nuada
> [2006/08/31 10:27:02, 3] lib/util_sock.c:open_socket_out(870)
>   Connecting to 160.6.1.102 at port 445
> [2006/08/31 10:27:02, 3] libsmb/cliconnect.c:cli_session_setup_spnego(710)
>   Doing spnego session setup (blob length=58)
> [2006/08/31 10:27:02, 3] libsmb/cliconnect.c:cli_session_setup_spnego(735)
>   got OID=1 3 6 1 4 1 311 2 2 10
> [2006/08/31 10:27:02, 3] libsmb/cliconnect.c:cli_session_setup_spnego(744)
>   got principal=NONE
> [2006/08/31 10:27:02, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(929)
>   Got challenge flags:
> [2006/08/31 10:27:02, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
>   Got NTLMSSP neg_flags=0x60890215
> [2006/08/31 10:27:02, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(951)
>   NTLMSSP: Set final flags:
> [2006/08/31 10:27:02, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
>   Got NTLMSSP neg_flags=0x60080215
> [2006/08/31 10:27:02, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338)
>   NTLMSSP Sign/Seal - Initialising with flags:
> [2006/08/31 10:27:02, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
>   Got NTLMSSP neg_flags=0x60080215
> [2006/08/31 10:27:03, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
>   rpc_pipe_bind: Remote machine nuada pipe \lsarpc fnum 0x7624 bind
> request returned ok.
> [2006/08/31 10:27:03, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
>   rpc_pipe_bind: Remote machine nuada pipe \samr fnum 0x7625 bind
> request returned ok.
> [2006/08/31 10:27:03, 2] utils/net.c:main(878)
>   return code = 0
> -----------------------
> 
> and for "net rpc info -d3 -S nuada"
> -----------------------------
> [2006/08/31 10:28:27, 3] param/loadparm.c:lp_load(4207)
>   lp_load: refreshing parameters
> [2006/08/31 10:28:27, 3] param/loadparm.c:init_globals(1393)
>   Initialising global parameters
> [2006/08/31 10:28:27, 3] param/params.c:pm_process(574)
>   params.c:pm_process() - Processing configuration file
> "/etc/samba/smb.conf"
> [2006/08/31 10:28:27, 3] param/loadparm.c:do_section(3662)
>   Processing section "[global]"
> [2006/08/31 10:28:27, 2] lib/interface.c:add_interface(81)
>   added interface ip=160.6.1.26 bcast=160.6.1.255 nmask=255.255.255.0
> [2006/08/31 10:28:27, 3] libsmb/namequery.c:resolve_lmhosts(855)
>   resolve_lmhosts: Attempting lmhosts lookup for name nuada<0x20>
> [2006/08/31 10:28:27, 3] libsmb/namequery.c:resolve_wins(752)
>   resolve_wins: Attempting wins lookup for name nuada<0x20>
> [2006/08/31 10:28:27, 3] libsmb/namequery.c:resolve_wins(755)
>   resolve_wins: WINS server resolution selected and no WINS servers listed.
> [2006/08/31 10:28:27, 3] libsmb/namequery.c:resolve_hosts(917)
>   resolve_hosts: Attempting host lookup for name nuada<0x20>
> [2006/08/31 10:28:27, 3] libsmb/cliconnect.c:cli_start_connection(1389)
>   Connecting to host=nuada
> [2006/08/31 10:28:27, 3] lib/util_sock.c:open_socket_out(870)
>   Connecting to 160.6.1.102 at port 445
> [2006/08/31 10:28:28, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
>   rpc_pipe_bind: Remote machine nuada pipe \lsarpc fnum 0x76f4 bind
> request returned ok.
> [2006/08/31 10:28:28, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
>   rpc_pipe_bind: Remote machine nuada pipe \samr fnum 0x76f5 bind
> request returned ok.
> Domain Name: DIAS
> Domain SID: S-1-5-21-463069746-3761697030-3888642000
> Sequence number: 1157016508
> Num users: 63
> Num domain groups: 0
> Num local groups: 0
> [2006/08/31 10:28:28, 2] utils/net.c:main(878)
>   return code = 0
> -------------------------------
> 
> 
>>>>Groups used work until recently and they exist in our ldap database. We
>>>>have a primary domain controller with the master ldap database on it and
>>>>a backup domain controller with a slave ldap database on it. Our version
>>>>of samba is Version 3.0.23 and openldap is 2.3.24
>>>
>>>	Any special event between it working and non-working
>>>status? Maybe a power failure, disk failure, system upgrade,
>>>LDAP changes, anything...
> 
> There was a recompile of OpenLDAP (with the same compile switches as
> previous) and the associated applications (nss_ldap, lookupd).

	Did you try to remap the groups using net groupmap?


>>>>Trying an ldapsearch to show groups exist in ldap returns..
>>>>ldapsearch -x -b cn=geotech,ou=group,dc=cp,dc=dias,dc=ie
> 
> *snip*
> 
>>>	So, as I understood, the group *is* there.  :-)
> 
> Yes but samba isn't seeing them.. :-(

	The groupmap should bring you back. ;)

	But, there are some changes in the Group Mapping in Samba
3.0.23, and I'm not quite sure why your groups are not being listed
since you have the right parameters.

http://us5.samba.org/samba/docs/man/Samba-HOWTO-Collection/groupmapping.html#id2568835
http://us5.samba.org/samba/docs/man/Samba-HOWTO-Collection/ChangeNotes.html#id2550114


>>>	Could you try to check 'net groupmap' man page
>>>section, it perhaps could give you more info (do not forget
>>>about the debuglevel).
> 
> Here is "net groupmap list -S nuada -d3"
> ----------------------
> [2006/08/31 11:01:54, 3] param/loadparm.c:lp_load(4207)
>   lp_load: refreshing parameters
> [2006/08/31 11:01:54, 3] param/loadparm.c:init_globals(1393)
>   Initialising global parameters
> [2006/08/31 11:01:54, 3] param/params.c:pm_process(574)
>   params.c:pm_process() - Processing configuration file
> "/etc/samba/smb.conf"
> [2006/08/31 11:01:54, 3] param/loadparm.c:do_section(3662)
>   Processing section "[global]"
> [2006/08/31 11:01:54, 2] lib/interface.c:add_interface(81)
>   added interface ip=160.6.1.26 bcast=160.6.1.255 nmask=255.255.255.0
> System Operators (S-1-5-32-549) -> -1
> Replicators (S-1-5-32-552) -> -1
> Guests (S-1-5-32-546) -> -1
> Domain Admins (S-1-5-21-1935741066-3473949400-2852468943-512) -> -1
> Domain Guests (S-1-5-21-1935741066-3473949400-2852468943-514) -> -1
> Power Users (S-1-5-32-547) -> -1
> Print Operators (S-1-5-32-550) -> -1
> Administrators (S-1-5-32-544) -> -1
> Account Operators (S-1-5-32-548) -> -1
> Domain Users (S-1-5-21-1935741066-3473949400-2852468943-513) -> -1
> Backup Operators (S-1-5-32-551) -> -1
> Users (S-1-5-32-545) -> -1
> [2006/08/31 11:01:54, 2] utils/net.c:main(878)
>   return code = 0
> --------------------------
> 
> *snip*

	There are no groupmaps.

	You should also run testparm, and increase the debuglevel
a little bit more, I'm running out of options. Sorry. :-(


>>>	Hope this helps.
>>>	Kind regards,
> 
> *snip*
> Thanks again,
> Diarmuid.


	Kind regards,

- --
Felipe Augusto van de Wiel <felipe at paranacidade.org.br>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/           Phone: (+55 41 3350 3300)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org

iD8DBQFE9wA9Cj65ZxU4gPQRAjmwAJ9MK1YOVwTC/eLAcbM0EcxqeMvLvgCgmQPq
NskXoIHnFzer42gBE0oY2Vs=
=Dg4d
-----END PGP SIGNATURE-----

More information about the samba mailing list