[Samba] windows doesn't show groups in security tab of file properties

Mario Minati mario at minati.de
Mon Oct 9 16:47:43 GMT 2006


Hello,

I've a Samba 3.0.23c-SerNet-Debian PDC (no BDC or anything) connected to 
OpenLDAP. I thought it would work smoothly, I didn't discover any 
problems until today.

I'am trying to create a ntconfig.pol with poledit, but it doesn't show 
me any groups to add to the policy. I can see all the users by the way.
To eleminate a poledit problem I used the security tab (in german it's 
name is 'Sicherheitseinstellungen') of the file properties dialog to 
test the availability of groups on the Windows 2000 client.
If I try to add a user to a file (either a local one on an NTFS drive, 
or one on the PDC) it only shows me local groups and users and the users 
on the PDC, but I can not see any groups from the PDC.

The funny thing is, that in the security tab the name of the group a 
file on the PDC belongs to is shown correctly, so the resolution of a 
given groupname and SID seems to work.

By the way I tested this behavior on a second Win 2000 vmware instance 
and it's exactly the same.

I checked the output of 'getent groups' on the PDC, they look good (see 
below).
root:x:0:
[...]
ssh:x:103:
administrators:x:999:admin
domain guests:x:10004:
domain machines:x:10005:
buchhaltung:x:1003:ya
honorar:x:1004:ya
intern:x:1007:hm,madt,ya
print_ops:x:1008:administrator
domain_admins:x:10003:administrator
igm:x:1002:hm,madt,ya
dev:x:1006:
software:x:1009:
bpm:x:1005:
pem:x:1010:hm,madt
domain_users:x:10002:administrator,hm,ya,madt
wks_admin:x:1011:administrator,ya


I checked the groupmapping, which also looks good (see below).
domain guests (S-1-5-21-XXX-514) -> domain guests
domain machines (S-1-5-21-XXX-516) -> domain machines
buchhaltung (S-1-5-21-XXX-3007) -> buchhaltung
honorar (S-1-5-21-XXX-3009) -> honorar
intern (S-1-5-21-XXX-3015) -> intern
print_ops (S-1-5-21-XXX-3017) -> print_ops
domain_admins (S-1-5-21-XXX-512) -> domain_admins
igm (S-1-5-21-XXX-3005) -> igm
dev (S-1-5-21-XXX-3013) -> dev
software (S-1-5-21-XXX-3019) -> software
bpm (S-1-5-21-XXX-3011) -> bpm
pem (S-1-5-21-XXX-3021) -> pem
domain_users (S-1-5-21-XXX-513) -> domain_users
wks_admin (S-1-5-21-XXX-3023) -> wks_admin


I looked in the logs (debug level=1) and didn't see anything related to 
my problem (see below):
[2006/10/09 14:49:52, 1] smbd/service.c:make_connection_snum(941)
  sunshine (10.1.10.194) signed connect to service profiles initially as 
user administrator (uid=0, gid=10003) (pid 3087)
Could not connect to server sunshine
Connection failed: NT_STATUS_IO_TIMEOUT
[2006/10/09 14:50:05, 1] smbd/service.c:make_connection_snum(941)
  sunshine (10.1.10.194) signed connect to service netlogon initially as 
user administrator (uid=0, gid=10003) (pid 3087)
[2006/10/09 14:50:05, 1] smbd/service.c:close_cnum(1141)
  sunshine (10.1.10.194) closed connection to service profiles
[2006/10/09 14:50:05, 1] smbd/service.c:close_cnum(1141)
  sunshine (10.1.10.194) closed connection to service netlogon
[2006/10/09 14:50:05, 1] smbd/service.c:make_connection_snum(941)
  sunshine (10.1.10.194) signed connect to service administrator 
initially as user administrator (uid=0, gid=10003) (pid 3087)
Could not connect to server sunshine
Connection failed: NT_STATUS_IO_TIMEOUT
[2006/10/09 14:50:16, 1] smbd/service.c:make_connection_snum(941)
  sunshine (10.1.10.194) signed connect to service netlogon initially as 
user administrator (uid=0, gid=10003) (pid 3087)
[2006/10/09 14:50:21, 1] smbd/service.c:make_connection_snum(941)
  sunshine (10.1.10.194) signed connect to service administrator 
initially as user administrator (uid=0, gid=10003) (pid 3087)
[2006/10/09 14:50:25, 1] smbd/service.c:make_connection_snum(941)
  sunshine (10.1.10.194) signed connect to service administrator 
initially as user administrator (uid=0, gid=10003) (pid 3087)
[2006/10/09 14:50:25, 1] smbd/service.c:make_connection_snum(941)
  sunshine (10.1.10.194) signed connect to service temp initially as 
user administrator (uid=0, gid=10003) (pid 3087)
[2006/10/09 14:51:56, 1] smbd/service.c:make_connection_snum(941)
  sunshine (10.1.10.194) signed connect to service temp initially as 
user administrator (uid=0, gid=10003) (pid 3087)
[2006/10/09 14:52:31, 0] lib/util_sock.c:read_data(534)
  read_data: read failure for 4 bytes to client 10.1.10.194. Error = Die 
Verbindung wurde vom Kommunikationspartner zurückgesetzt
[2006/10/09 15:00:06, 0] printing/print_cups.c:cups_cache_reload(85)
  Unable to connect to CUPS server localhost - Verbindungsaufbau abgelehnt
The last one comes once every hour, I've to check that later on.


I hope someone has an idea where to look at and what the reason for this 
behaviour can be.

Regards,
Mario Minati


More information about the samba mailing list