[Samba] PDC (CentOS 5.5, Samba 3.5.6): no domain group names sent to Windows 2003 members

Konstantin Boyandin mbo at itelsib.com
Tue Dec 7 00:47:01 MST 2010


After setting up Samba 3.5.6 on CentOS 5.5 (built from sources) I have 
noticed a strange problem.

Windows 2003 servers participating in this Samba domain do not receive 
the domain group list when I, say, try to assign security credentials for a 
file/folder. When I choose the domain as the source, the search reveals only 
technical group names and individual domain user names. No domain group 
names at all.

However, if I type a domain group name manually (e.g. "DOMAIN\Domain 
Admins"), it is recognized and displayed correctly in the security credentials.

May I ask for hints on where the source of this problem can be and how 
to fix it?

The smb.conf of the PDC follows.

============== PDC smb.conf below
unix charset = UTF8
workgroup = DOMAIN	
netbios name = PDC
server string = Samba PDC
passdb backend = ldapsam:"ldap:// ldap://"
username map = /etc/samba/smbusers
interfaces = eth0 lo
bind interfaces only = yes
log level = 1
syslog = 0
log file = /var/log/samba/%m
max log size = 0
name resolve order = wins bcast hosts
time server = Yes
printcap name = CUPS
add user script = /usr/sbin/smbldap-useradd -m '%u'
delete user script = /usr/sbin/smbldap-userdel '%u'
add group script = /usr/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/sbin/smbldap-groupdel '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m '%g' '%u'
delete user from group script = /usr/sbin/smbldap-groupmod -x '%g' '%u'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
add machine script = /usr/sbin/smbldap-useradd -w '%u'
shutdown script = /var/lib/samba/scripts/shutdown.sh
abort shutdown script = /sbin/shutdown -c
logon script = %u.bat
logon drive = W:
logon home = \\%L\%u
logon path = \\%L\profiles\%u
domain logons = Yes
domain master = Yes
wins support = Yes
# performance optimization all users stored in ldap
ldapsam:trusted = yes
ldap ssl = off
ldap suffix = dc=itelsib,dc=com
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap admin dn = cn=sambaadmin,dc=itelsib,dc=com
idmap backend = ldap://
idmap uid = 10000-20000
idmap gid = 10000-20000
printer admin = root
printing = cups
============== PDC smb.conf above

