[Samba] Samba File Server as Domain Member of Samba PDC

Juan Asensio Sánchez okelet at gmail.com
Fri Jan 28 00:55:22 MST 2011


We have configured 2 PDC Samba (v3.0.33, sambapdc1 and sambapdc2)
servers using LDAP (389 DS v1.2.5) as their database backend. If I run
"net rpc user -UXXXX" from these servers I get all groups in LDAP.
These servers have been working fine for a long time.

Now I have configured a file server (not a logon server, sambafs1), as a
member of the domain served by those servers (this one with v3.3.8). I
have configured the LDAP client, so I can do "getent passwd" and
"getent group" and I see all objects from LDAP. Next, I have
configured Samba with this conf:

unix charset = LOCALE
workgroup = XXXXX.YYYYY
server string = Samba FS XXXXX.YYYYY - ZZZZZZZZZ

security = domain
encrypt passwords = yes
password server = sambapdc1 sambapdc2
wins server = sambapdc1 sambapdc2

syslog = 0
log level = 2
#log level = 20
log file = /var/log/samba/%m.trace
max log size = 1000
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

# Share management options
add share command    = /bin/bash /opt/ldap/samba/smb_share_add.sh
change share command = /bin/bash /opt/ldap/samba/smb_share_add.sh
delete share command = /bin/bash /opt/ldap/samba/smb_share_del.sh

map acl inherit = Yes

Next, I have joined the Samba FS to the domain, using the command "net
rpc join -UXXXXXX", without any errors. Now, if I run "net rpc group
-S sambafs1 -UXXXXX", I get no groups. Is this normal? As Samba can't
see any groups, I cannot assign privileges using "net rpc rights
grant", so that users can manage shares from Windows using the add, change
and delete share commands.

Thanks in advance. Regards,
