[Samba] Security = ADS and 3.0.23 Upgrade

Howard Wilkinson howard at cohtech.com
Wed Jul 19 16:48:13 GMT 2006


You need to set

winbind enum users = yes
winbind enum groups = yes
winbind nested groups = no

[ not certain about the last but it worked for me ]

Howard.

Dale Schroeder wrote:

> Gerald (Jerry) Carter wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Dale Schroeder wrote:
>>  
>>
>>> Since upgrading to 3.0.23 I have encountered several problems. (latest
>>> Debian Sarge with deb's from samba.org and security = ADS).  All was
>>> working flawlessly before.
>>>
>>> *1.* getent passwd no longer lists machine accounts.
>>>     
>>
>>
>> Only machines?  Or no domain users at all?  Please read
>> the release notes.  'winbind enum users' was disabled by
>> default in 3.0.23.
>>   
>
>
>    Domain users are listed, machines are not.
>    /winbind enum users = Yes/ is and has been set, as has /winbind 
> enum groups = Yes/.
>
>>  
>>
>>> *2.* On the Win2K pdc, the samba system's "DNS name" on the general 
>>> tab is now listed as localhost.localdomain,
>>> and the operating system is still listed as Samba 3.0.22.
>>> (In the DNS mmc, the DNS records are correct.)
>>>     
>>
>>
>> Did you rejoin the domain?  If so, looks like you have
>> a broken /etc/hosts file in the Samba box.  Fix your hostname.
>>
>> We don't set the Operating system attribute any more.
>> Just delete that.
>>   
>
>    I did not rejoin the domain.  I checked, and both hosts and 
> hostname files are correct.  I now understand that this is the current 
> default behavior.
>
>>  
>>
>>> *3.* Old shares are accessible, newly created ones are not.
>>>     
>>
>>
>> Not enough detail here.
>>   
>
>
>    Sorry for the lack of clarity and detail.
>
>    A share with /valid users =  DOMAIN+%S/ works as before.
>    A new share with /valid users = @"DOMAIN+Domain Users", 
> DOMAIN+dale/ fails where it previously worked.  A username/password 
> dialog opens and refuses all credentials.  This particular "valid 
> user" directive worked seamlessly in 3.0.22.
> net groupmap list only retrieves the two BUILTIN groups (administrator 
> and user), so it appears that it no longer finds all the Windows 
> domain groups.  The release notes said default group mapping changes 
> affected only tdbsam and smbpasswd backends.  Is this correct?  If so, 
> perhaps I do need to rejoin the domain.
>
> Thank you for the reply,
> Dale
>
>

-- 
Howard Wilkinson
Coherent Technology Limited
23 Northampton Square,
London, United Kingdom, EC1V 0HL
Phone: +44(20)76907075
Fax:
Mobile: +44(7980)639379
Email: howard at cohtech.com


