[Samba] Domain Groups missing

Achim Gottinger achim at ag-web.biz
Mon Oct 16 12:00:49 GMT 2006


Achim Gottinger schrieb:
> Hi,
>
> I have a strange problem with my samba domain servers, they do no 
> longer show the domain or local groups.
>
> I run three debian sarge machines as samba domain controllers (samba 
> version is 3.0.23c) with an ldap backend in master/slave configuration.
> getent group shows all the groups, net groupmap list shows all the 
> groups but net rpc info outputs:
>
> Domain Name: GOTTINGER
> Domain SID: S-1-5-21-1446910239-1605792192-310601177
> Sequence number: 1160906670
> Num users: 63
> Num domain groups: 0
> Num local groups: 0
>
> On a w23k server acting as a fileserver the security settings for 
> folders still show the assigned domain groups and they are still 
> working. But i can not add new domain groups.
> Additionaly NT4 server management for users does no longer show the 
> groups. I can add a new group and get an access denied warning but the 
> group shows up in getent group afterwards.
> I'm not sure if this behavior is related to the update to 3.0.23c, i 
> think i added a new folder and modified access rights on the w2k 
> server after the update.
> Any clues what can cause this behavior?
>
> Thx
> achim~
>
I copied the samba and ldap configuration and database stuff to another 
machine, same result, no domain groups showing up in net rpc group. in 
net groupmap list i get two lines with multiple group names in the first 
row:

DomDomDG Prothetik (S-1-5-21-1446910239-1605792192-310601177-5069) -> DG 
Prothetik

Removing an groupmap entry removes the whole dn entry from the ldap 
database. Is this due to the config line "ldap delete dn = yes" ?

I tried to remove all the groups in the groupmap line showing in one 
line, but i can still not get a list of domain groups.

achim~






More information about the samba mailing list