[Samba] User Manager for Domains -- Groups not showing
Ray Klassen
rayklassen at gmail.com
Sat Jan 31 14:44:58 GMT 2009
On Fri, Jan 30, 2009 at 10:27 AM, Jeremy Allison <jra at samba.org> wrote:
> On Fri, Jan 30, 2009 at 12:13:45AM -0800, Ray Klassen wrote:
>> I have a network of about 100+ users with a Samba 3.0.25 server with
>> an LDAP backend that I configured myself (with some help). Recently I
>> have had to add about 300 more users to my system and now I need to
>> get a slightly less technical person to help me manage the accounts.
>> I've been happily using smbldap-tools all of this time, but when I
>> showed what I do to my hapless trainee, her eyes started to glaze
>> over. So as an alternative I'd like to start using the 'User Manager
>> for Domains' in the SRVTOOLS.EXE archive. She might find the point and
>> click of it all more friendly. Only thing is, when I start up User
>> Manager, I can see all the users, but I can't see the groups. So I did
>> a bit of checking and found that nowhere are those available as a
>> list. Not even 'net rpc group list' will give me a list, even though
>> if I add someone to my Domain Admins group everything works correctly.
>> At the windows workstation end I can access the groups by name, to set
>> the permissions of a share to certain group, etc. but I can't list
>> them as I can the users.I've checked all the files...
>> smb.conf,ldap.conf,slapd.conf,smbldap.conf and the Groups directive
>> matches up with the right ldap 'ou' and so on. Has anyone any
>> pointers?
>
> There was a bug in earlier versions of the smbldap-tools
> that creates groups with the wrong sid-type. I'd suggest
> upgrading to 3.0.34 (latest 3.0.x release) and then ensuring
> the group-type is changed in your LDAP db (I think it should be
> type 5, rather than type 4 but this could be the other way
> around :-).
>
> Jeremy.
>
3.0.34 is now installed. no change. 'net rpc list groups' returns
nothing, while 'net rpc group members <group>' returns the correct
data
tried changing the group type on a few groups. no change in behavior there.
cleaned up some error messages in my slapd.log where I assume samba
was requesting indexes from slapd.log. just told slap.conf to index
those attributes and the messages went away.
Upping the loglevel in slapd.conf...
More information about the samba
mailing list