[Samba] Identical Servers, Different Results

Robert Steinmetz AIA rob at steinmetznet.com
Thu Jul 15 12:46:54 MDT 2010 

I have a small work group with a Domain Controller and 2 Member Servers.
I am upgrading everything to the Ubuntu 10.04 LTS and then to LDAP

The Domain Controller - HAMLET
Ubuntu 8.04 LTS
Samba Version 3.0.28a

Member Server -REMUS
Ubuntu 10.04 LTS
Samba Version 3.4.7

Member Server -ROMULUS
Ubuntu 10.04 LTS
Samba Version 3.4.7

The member servers are identical hardware and the operating system 
configuration is very similar.

The [Globals] in the smb.conf files on the Member Servers are identical 
as far as I can tell.

> [global] ROMULUS
>         workgroup = ORLEANS
>         server string = %h server (Samba, Ubuntu, Files)
>         security = DOMAIN
>         map to guest = Bad User
>         obey pam restrictions = Yes
>         pam password change = Yes
>         passwd program = /usr/bin/passwd %u
>         passwd chat = *Enter\snew\s*\spassword:* %n\n 
> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>         unix password sync = Yes
>         syslog = 0
>         log file = /var/log/samba/log.%m
>         max log size = 1000
>         local master = No
>         domain master = No
>         dns proxy = No
>         ldap ssl = no
>         usershare allow guests = Yes
>         panic action = /usr/share/samba/panic-action %d
>         idmap uid = 10000-20000
>         idmap gid = 10000-20000
>         template shell = /bin/bash
>         winbind enum users = Yes
>         winbind enum groups = Yes
>         winbind use default domain = Yes
>         invalid users = root
>         admin users = root, administrator
>         hosts allow = 192.168.1.0/255.255.255.0
> [global] REMUS
>         workgroup = ORLEANS
>         server string = %h server (Samba, Ubuntu, Authentication, 
> Groupware)
>         security = DOMAIN
>         map to guest = Bad User
>         obey pam restrictions = Yes
>         pam password change = Yes
>         passwd program = /usr/bin/passwd %u
>         passwd chat = *Enter\snew\s*\spassword:* %n\n 
> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>         unix password sync = Yes
>         syslog = 0
>         log file = /var/log/samba/log.%m
>         max log size = 1000
>         dns proxy = No
>         ldap ssl = no
>         usershare allow guests = Yes
>         panic action = /usr/share/samba/panic-action %d
>         idmap uid = 10000-20000
>         idmap gid = 10000-20000
>         template shell = /bin/bash
>         winbind enum users = Yes
>         winbind enum groups = Yes
>         winbind use default domain = Yes
>         invalid users = root
>         admin users = root, administrator
>         hosts allow = 192.168.1.0/255.255.255.0
User mapping works as expected, all utilities return the same information.

However group mapping does not seem to work the same on both machines.

# net groupmap list returns an empty list on REMUS

On ROMULUS

# net groupmap list
Administrators (S-1-5-32-544) -> BUILTIN\administrators
Users (S-1-5-32-545) -> BUILTIN\users
#

Similarly wbinfo -g returns different results

romulus# wbinfo -g
BUILTIN\administrators
BUILTIN\users
domain users
domain admins
domain guests
romulus#

remus# wbinfo -g
domain users
domain admins
domain guests
remus#


# net rpc group -S HAMLET -U administrator
Enter administrator's password:
Domain Users
Domain Admins
Domain Guests
#

Returns the same information on both member servers.

I have checked /etc/nsswitch.conf and both appear the same
-- 
Rob Steinmetz

More information about the samba mailing list