[Samba] Samba File Server as Domain Member of Samba PDC

TAKAHASHI Motonobu monyo at monyo.com
Fri Jan 28 06:19:59 MST 2011

2011/1/28 Juan Asensio Sánchez <okelet at gmail.com>:
> We have configured 2 PDC Samba (v3.0.33, sambapdc1 and sambapdc2)
> servers using LDAP (389 DS v1.2.5) as its database backend. If I run
> "net rpc user -UXXXX" from these servers I get all groups in LDAP.
> These servers are working fine for a long time.
> Now I have configured a file server (not logon server, sambafs1), as a
> member of the domain served by those servers (this with v3.3.8). I
> have configured the LDAP client, so I can do "getent passwd" and
> "getent group" and I see all objects from LDAP. Next, I have
> configured Samba with this conf:
> Next, I have joined the Samba FS in the domain, using the command "net
> rpc join -UXXXXXX", without any errors. Now, if I run "net rpc group
> -S sambafs1 -UXXXXX", I get no groups. Is this normal? As Samba can't
> see any groups, I cannot assign privileges using "net rpc rights
> grant", so users can manage shares from Windows using the add, change
> and delete share commands.

This is expected behavior.

"net rpc group -S sambafs1 -UXXXXX" returns local groups defined on
sambafs1, not domain groups.

Recently (3.0.24 and after) no groups are defined by default, so you
should get no (local) groups.

> I cannot assign privileges using "net rpc rights grant"

Do you use winbind? If not, you should create a local admin user:

  sambafs1# pdbedit -a root

And try like:
  sambafs1# net rpc rights grant DOMAINNAME\\USERNAME SeAddUsersPrivilege -U sambafs1\\root

TAKAHASHI Motonobu <monyo at samba.gr.jp>
