[Samba] Security = ADS and 3.0.23 Upgrade
Dale Schroeder
dale at BriannasSaladDressing.com
Wed Jul 19 16:36:06 GMT 2006
Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Dale Schroeder wrote:
>
>> Since upgrading to 3.0.23 I have encountered several problems. (latest
>> Debian Sarge with deb's from samba.org and security = ADS). All was
>> working flawlessly before.
>>
>> *1.* getent passwd no longer lists machine accounts.
>>
>
> Only machines? Or no domain users at all? Please read
> the release notes. 'winbind enum users' was disabled by
> default in 3.0.23.
>
Domain users are listed, machines are not.
/winbind enum users = Yes/ is and has been set, as has /winbind enum
groups = Yes/.
>
>> *2.* On the Win2K pdc, the samba system's "DNS name"
>> on the general tab is now listed as localhost.localdomain,
>> and the operating system is still listed as Samba 3.0.22.
>> (In the DNS mmc, the DNS records are correct.)
>>
>
> Did you rejoin the domain ? If so, looks like you have
> a broken /etc/hosts file ni the Samba box. Fix you hostname.
>
> We don't set the Operating system attribute any more.
> Just delete that.
>
I did not rejoin the domain. I checked, and both hosts and hostname
files are correct. I now understand that this is the current default
behavior.
>
>> *3.* Old shares are accessible, newly created ones are not.
>>
>
> Not enough detail here.
>
Sorry for the lack of clarity and detail.
A share with /valid users = DOMAIN+%S/ works as before.
A new share with /valid users = @"DOMAIN+Domain Users", DOMAIN+dale/
fails where it previously worked. A username/password dialog opens and
refuses all credentials. This particular "valid user" directive worked
seamlessly in 3.0.22.
net groupmap list only retrieves the two BUILTIN groups (administrator
and user), so it appears that it no longer finds all the Windows domain
groups. The release notes said default group mapping changes affected
only tdbsam and smbpasswd backends. Is this correct? If so, perhaps I
do need to rejoin the domain.
Thank you for the reply,
Dale
More information about the samba
mailing list