[Samba] User Manager for Domains -- Groups not showing
samba at the-wes.com
Sat Jan 31 23:25:01 GMT 2009
On Sat, Jan 31, 2009 at 7:16 AM, Ray Klassen <rayklassen at gmail.com> wrote:
> On Sat, Jan 31, 2009 at 6:44 AM, Ray Klassen <rayklassen at gmail.com> wrote:
> > On Fri, Jan 30, 2009 at 10:27 AM, Jeremy Allison <jra at samba.org> wrote:
> >> On Fri, Jan 30, 2009 at 12:13:45AM -0800, Ray Klassen wrote:
> >>> I have a network of about 100+ users with a Samba 3.0.25 server with
> >>> an LDAP backend that I configured myself (with some help). Recently I
> >>> have had to add about 300 more users to my system and now I need to
> >>> get a slightly less technical person to help me manage the accounts.
> >>> I've been happily using smbldap-tools all of this time, but when I
> >>> showed what I do to my hapless trainee, her eyes started to glaze
> >>> over. So as an alternative I'd like to start using the 'User Manager
> >>> for Domains' in the SRVTOOLS.EXE archive. She might find the point and
> >>> click of it all more friendly. Only thing is, when I start up User
> >>> Manager, I can see all the users, but I can't see the groups. So I did
> >>> a bit of checking and found that nowhere are those available as a
> >>> list. Not even 'net rpc group list' will give me a list, even though
> >>> if I add someone to my Domain Admins group everything works correctly.
> >>> At the windows workstation end I can access the groups by name, to set
> >>> the permissions of a share to certain group, etc. but I can't list
> >>> them as I can the users.I've checked all the files...
> >>> smb.conf,ldap.conf,slapd.conf,smbldap.conf and the Groups directive
> >>> matches up with the right ldap 'ou' and so on. Has anyone any
> >>> pointers?
> >> There was a bug in earlier versions of the smbldap-tools
> >> that creates groups with the wrong sid-type. I'd suggest
> >> upgrading to 3.0.34 (latest 3.0.x release) and then ensuring
> >> the group-type is changed in your LDAP db (I think it should be
> >> type 5, rather than type 4 but this could be the other way
> >> around :-).
> >> Jeremy.
> > 3.0.34 is now installed. no change. 'net rpc list groups' returns
> > nothing, while 'net rpc group members <group>' returns the correct
> > data
> > tried changing the group type on a few groups. no change in behavior
> > cleaned up some error messages in my slapd.log where I assume samba
> > was requesting indexes from slapd.log. just told slap.conf to index
> > those attributes and the messages went away.
> > Upping the loglevel in slapd.conf...
> looking at the slapd logging after a 'net rpc list groups' it
> locates 57 groups and then queries the sambaSIDList attribute on each
> one. (which I said earlier I wasn't set) After which it records
> 'bdb_search: no candidates' and thats that...
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
did smbldap-tools get upgraded along with samba? if not, you should update
if so, you will have to delete and re-create the groups in order for them to
be created correctly.
Another workaround would be to delete the groups and use net rpc group to
re-create them. This worked for me.
More information about the samba