[Samba] Security = ADS and 3.0.23 Upgrade
Gerald (Jerry) Carter
jerry at samba.org
Wed Jul 19 18:17:12 GMT 2006
-----BEGIN PGP SIGNED MESSAGE-----
>>> *1.* getent passwd no longer lists machine accounts.
>> Only machines? Or no domain users at all? Please read
>> the release notes. 'winbind enum users' was disabled by
>> default in 3.0.23.
> Domain users are listed, machines are not.
> 'winbind enum users = Yes' is and has been set,
> as has 'winbind enum groups = Yes'.
Hmm....That makes no sense to me. Maybe we filtered
them from the getpwent() output. As long as a 'getent passwd
<machine>' works you should be fine. For example,
# getent passwd color\\suse10$
>>> *2.* On the Win2K pdc, the samba system's "DNS name" on the general
>>> tab is now listed as localhost.localdomain,
>>> and the operating system is still listed as Samba 3.0.22.
>>> (In the DNS mmc, the DNS records are correct.)
>> Did you rejoin the domain ? If so, looks like you have
>> a broken /etc/hosts file ni the Samba box. Fix you hostname.
>> We don't set the Operating system attribute any more.
>> Just delete that.
> I did not rejoin the domain. I checked, and both hosts
> and hostname files are correct. I now understand that this
> is the current default behavior.
Do you mean the dNSHostName attribute on the machine's
account localhost.localdomain? Could you send me a screen
shot of exactly what you are referring to? Thanks.
>>> *3.* Old shares are accessible, newly created ones are not.
> Sorry for the lack of clarity and detail.
> A share with 'valid users = DOMAIN+%S' works as before.
> A new share with 'valid users = @"DOMAIN+Domain Users",
> DOMAIN+dale' fails where it previously worked.
> A username/password dialog opens and refuses all
> credentials. This particular "valid user" directive
> worked seamlessly in 3.0.22.
There have been some issues with 'valid users' in 3.0.23
description doesn't appear to match the bug reports
but you might want to test the SAMBA_3_0_23 svn branch
to make sure that you aren't just hitting a bug here.
> net groupmap list only retrieves the two BUILTIN
> groups (administrator and user), so it appears that
> it no longer finds all the Windows domain groups.
> The release notes said default group mapping changes
> affected only tdbsam and smbpasswd backends. Is
> this correct? If so, perhaps I do need to rejoin
> the domain.
This is correct behavior. net groupmap lists local
mappings and has nothing to do with domain groups
managed by Winbind.
Samba ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
"What man is a man who does not make the world better?" --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the samba