[Samba] Samba File Server as Domain Member of Samba PDC

Grant grantliddle at gmail.com
Fri Jan 28 08:54:49 MST 2011

One thing to note is that afaik without winbind, windows clients may not be able to set security perms on files and folders from the security tab 
On Jan 28, 2011, at 6:49 AM, Juan Asensio Sánchez <okelet at gmail.com> wrote:

> OK, thanks both four your answers. I am not using Winbind, because (I
> think) Winbind dows the same than configuring the ldap client on the
> server, as I can see with "getent passwd" and "getent group" all
> objects in LDAP.
>> Do you use winbind? If not, you should create a local admin user:
> Why I can't use a domain account member of administrators group?
> Anyway, I added a local root account as you said. When I type:
> [root at sambafs1 ~]# net rpc rights grant "XXXXX.YYYYY\Administradores"
> SeAddUsersPrivilege -U "sambafs1\root"
> Enter sambafs1\root's password:
> Successfully granted rights.
> [root at sambafs1 ~]# net rpc rights list privileges SeAddUsersPrivilege
> -U "sambafs1\root"
> Enter sambafs1\root's password:
> SeAddUsersPrivilege:
>  BUILTIN\Administrators
>  Unix Group\Administradores
> I got "Unix Group\Administradores"; shouldn't it be
> "XXXXX.YYYYY\Administradores"?
> Regards.
> El día 28 de enero de 2011 14:19, TAKAHASHI Motonobu <monyo at monyo.com> escribió:
>> 2011/1/28 Juan Asensio Sánchez <okelet at gmail.com>:
>>> We have configured 2 PDC Samba (v3.0.33, sambapdc1 and sambapdc2)
>>> servers using LDAP (389 DS v1.2.5) as its database backend. If I run
>>> "net rpc user -UXXXX" from theses servers I get all groups in LDAP.
>>> These servers are working fine for a long time.
>>> Now I have configured a file server (not logon server, sambafs1), as a
>>> member of the domain served by those servers (this with v3.3.8). I
>>> have configured the LDAP client, so I can do "getent passwd" and
>>> "getent group" and I see all objects from LDAP. Next, I have
>>> configured Samba with this conf:
>> (snip)
>>> Next, I have joined the Samba FS in the domain, using the command "net
>>> rpc join -UXXXXXX", without any errors. Now, If I run "net rpc group
>>> -S sambafs1 -UXXXXX", I get no groups. Is this normal? As Samba can't
>>> see any groups, I cannot assign privileges using "net rpc rights
>>> grant", so users can manage shares from Windows using the add, change
>>> and delete share commands.
>> This is an expected behavior.
>> "net rpc group -S sambafs1 -UXXXXX" returns local groups defined on
>> sambafs1, not
>> domain groups.
>> Recently (3.0.24 and after) no groups are defined by default. so you
>> should get no
>> (local) groups.
>>> I cannot assign privileges using "net rpc rights grant"
>> Do you use winbind? If not, you should create a local admin user:
>>  sambafs1# pdbedit -a root
>> And try like:
>>  sambafs1# net rpc rights grant  DOMAINNAME\\USERNAME
>> SeAddUsersPrivilege -U sambafs1\\root
>> ---
>> TAKAHASHI Motonobu <monyo at samba.gr.jp>
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list