[Samba] Re: Samba not listening on 127.0.0.1... hua???

[Michael Lueck]

Kristaps Rāts wrote:

> 1) Do you have the user pianoman in your passdb?

Yes indeed, "smbpasswd -a pianoman"

> 2) Is pianoman a member of the Domain Admins group?

net groupmap modify ntgroup="Domain Admins"  unixgroup=domadmin

#/etc/group
domadmin:x:2000:pianoman

I don't have time to track it down right now, but for some crazy reason it looks like it is not obeying the linkage from Samba over to /etc/group just for domain admin. I have a readonly share with 
the write list specified as a group lookup, and the ID allowed to write is able to write. That is a custom ntgroup name vs adding a unixgroup to a pre-existing ntgroup.

At one point I presented to KLUG on our initial Samba 3 PDC configuration...
ftp://ftp.lueckdatasystems.com/pub/presentations/klugsamba3pdc-bookreview.pdf

Needs to be updated greatly. Bugs which existed then are all squashed... SpoolSS printing works great now for example. "admin users" has been removed and the "net rpc rights grant..." has been put in 
its place. The page showing how I mapped security groups still stands as-was I think. (I refer to our full notes, not what was generic enough to present and build the PDC on the fly during the meeting.)

And the crazy thing... "net groupmap" does not challenge me to authenticate... it just goes and does it. "net rpc rights grant", that has to get all excited about seeing if I am allowed to do it. THAT 
I do not understand. If I blow away the /var/lib/samba/group_mapping.tdb file, restart samba so I am back to defaults... net rpc still complains, and wants me to authenticate. So it's not like my 
settings by mapping the groups first changed the net command's behavior for my next script. "Research it all someday and quit complaining here..." ;-)

-- 
Michael Lueck
Lueck Data Systems
http://www.lueckdatasystems.com/

Remove the upper case letters NOSPAM to contact me directly.