[Samba] nested groups with ADS does not work?
Vladimir Shved
vladimirshved at gmail.com
Tue Jan 16 05:37:41 GMT 2007
Using the current Samba 3.0.23d package on Debian etch. Joined AD,
everything works, but when doing something like:

    net rpc group add demo -L
    Could not connect to server 127.0.0.1
    The username or password was not correct.
    Connection failed: NT_STATUS_LOGON_FAILURE

or when doing:

    net rpc group add demo -L -U administrator
    Password:
    add alias failed: NT_STATUS_ACCESS_DENIED

Also, at the same time the log spits this out:

    [2007/01/15 22:24:54, 0] auth/auth_util.c:create_builtin_administrators(785)
      create_builtin_administrators: Failed to create Administrators
    [2007/01/15 22:24:54, 0] auth/auth_util.c:create_builtin_users(751)
      create_builtin_users: Failed to create Users

I did some mappings, so running this:

    net groupmap list
    Domain Admins (S-1-5-21-2251837095-2786957548-4043407633-512) -> root
    Domain Guests (S-1-5-21-2251837095-2786957548-4043407633-514) -> nogroup
    Domain Users (S-1-5-21-2251837095-2786957548-4043407633-513) -> users

I'm not using LDAP, only tdbsam.

    wbinfo -m

shows only the joined AD domain; should it show the domain and the local
domain too?

Also, when doing

    getent group "domain users"

it does not list everyone, maybe only one user. Usually after a reboot, it
lists everyone, but then after a while the list becomes empty.

Is it even possible to use nested groups (local groups) on Samba when
it's in ADS mode? Is it an issue with the Debian packages? Can anyone
help?

I'm trying to build an ADS member file server without the hassle of adding
extra groups to AD, and manage permissions by using local groups on
Samba.

Thanks,
--Vlad