[Samba] User Manager for Domains -- Groups not showing
christian at solvare.se
Thu Feb 5 15:46:48 GMT 2009
OK, found this thread (I googled, I (thought I) checked the list prior
to posting, well, well...)
Ray Klassen wrote:
> looking at the slapd logging after a 'net rpc list groups' it
> locates 57 groups and then queries the sambaSIDList attribute on each
> one. (which I said earlier wasn't set) After which it records
> 'bdb_search: no candidates' and that's that...
I get the feeling that there are several ways that samba tries to find
group members, but using SIDs in sambaSIDList attributes of the group is
not anything I have found in any docs (nor have I yet dived into the
source to find out...)
(If samba actually tries in several ways there might be a chance to use
the first method to improve performance? Not that that is on my current
list of things to do...)
Jeremy Allison wrote:
> There was a bug in earlier versions of the smbldap-tools
> that creates groups with the wrong sid-type. I'd suggest
> upgrading to 3.0.34 (latest 3.0.x release) and then ensuring
> the group-type is changed in your LDAP db (I think it should be
> type 5, rather than type 4 but this could be the other way
> around :-).
Just trying to get my head around this:
group-type 2: domain groups
group-type 4: local groups
group-type 5: builtin groups
Now, I checked well-known SIDs at http://support.microsoft.com/kb/243330
but I really have no clue as to which are domain groups and not, guess
I'll have to check the latest smbldap-tools.
The funny thing is that net group list mostly works, but
# net rpc -Uadmin -Sserver2 group MEMBERS "Domain Admins"
# net rpc -Uadmin -Sserver2 group ADDMEM "Domain Admins" admin
Could not add admin to Domain Admins: NT_STATUS_MEMBER_IN_GROUP
so the user admin is and is not a member of "Domain Admins"
Clues are welcome, I will investigate which groups should be which type
in the meantime...