[Samba] User Manager for Domains -- Groups not showing

Ray Klassen rayklassen at gmail.com
Sat Jan 31 15:16:14 GMT 2009

On Sat, Jan 31, 2009 at 6:44 AM, Ray Klassen <rayklassen at gmail.com> wrote:
> On Fri, Jan 30, 2009 at 10:27 AM, Jeremy Allison <jra at samba.org> wrote:
>> On Fri, Jan 30, 2009 at 12:13:45AM -0800, Ray Klassen wrote:
>>> I have a network of about 100+ users with a Samba 3.0.25 server with
>>> an LDAP backend that I configured myself (with some help). Recently I
>>> have had to add about 300 more users to my system and now I need to
>>> get a slightly less technical person to help me manage the accounts.
>>> I've been happily using smbldap-tools all of this time, but when I
>>> showed what I do to my hapless trainee, her eyes started to glaze
>>> over. So as an alternative I'd like to start using the 'User Manager
>>> for Domains' in the SRVTOOLS.EXE archive. She might find the point and
>>> click of it all more friendly. Only thing is, when I start up User
>>> Manager, I can see all the users, but I can't see the groups. So I did
>>> a bit of checking and found that nowhere are those available as a
>>> list. Not even 'net rpc group list' will give me a list, even though
>>> if I add someone to my Domain Admins group everything works correctly.
>>> At the windows workstation end I can access the groups by name, to set
>>> the permissions of a share to certain group, etc. but I can't list
>>> them as I can the users.I've checked all the files...
>>> smb.conf,ldap.conf,slapd.conf,smbldap.conf and the Groups directive
>>> matches up with the right ldap 'ou' and so on. Has anyone any
>>> pointers?
>> There was a bug in earlier versions of the smbldap-tools
>> that creates groups with the wrong sid-type. I'd suggest
>> upgrading to 3.0.34 (latest 3.0.x release) and then ensuring
>> the group-type is changed in your LDAP db (I think it should be
>> type 5, rather than type 4 but this could be the other way
>> around :-).
>> Jeremy.
> 3.0.34 is now installed. no change. 'net rpc list groups' returns
> nothing, while 'net rpc group members <group>' returns the correct
> data
> tried changing the group type on a few groups. no change in behavior there.
> cleaned up some error messages in my slapd.log where I assume samba
> was requesting indexes from slapd.log. just told slap.conf to index
> those attributes and the messages went away.
> Upping the loglevel in slapd.conf...

looking at the slapd logging after  a  'net rpc list groups'  it
locates 57 groups and then queries the sambaSIDList attribute on each
one. (which I said earlier I wasn't set) After which it records
'bdb_search: no candidates' and thats that...

More information about the samba mailing list