[Samba] Samba PDC group list empty

Harry Jede walk2sun at arcor.de
Fri Nov 23 11:07:18 MST 2012


On 18:32:29 wrote Andrej Šimko:
> Dear samba users,
> 
> I have very strange problem. I have Samba PDC up and running, but
> only thing is missing. I cannot see any Domain Groups at all.

...

> net getdomainsid
> SID for local machine HOST is:
> S-1-5-21-2242576961-186067218-2214866780 SID for domain EXAMPLE is:
> S-1-5-21-2390795950-2727105968-4008069955
> 
> net groupmap list
> Domain Admins (S-1-5-21-2390795950-2727105968-4008069955-512) ->
> Domain Admins
> Domain Users (S-1-5-21-2390795950-2727105968-4008069955-513) ->
> Domain Users Domain Guests
> (S-1-5-21-2390795950-2727105968-4008069955-514) -> Domain Guests
> Domain Computers (S-1-5-21-2390795950-2727105968-4008069955-515) ->
> Domain Computers
> Administrators (S-1-5-32-544) -> Administrators
> Account Operators (S-1-5-32-548) -> Account Operators
> Print Operators (S-1-5-32-550) -> Print Operators
> Backup Operators (S-1-5-32-551) -> Backup Operators
> Replicators (S-1-5-32-552) -> Replicators
> 
> 
> The strange thing is, if I try on Win XP to search groups, i see in
> logs: smbldap_search_paged: base => [dc=example,dc=sk], filter =>
> [(&(objectclass=sambaGroupMapping)(sambaGroupType=2)(sambaSID=S-1-5-2
> 1-2390795950-2727105968-4008069955*))],scope => [2], pagesize =>
> [1024]
>   smbldap_search_paged: base => [dc=example,dc=sk], filter =>
> [(&(objectclass=sambaGroupMapping)(sambaGroupType=4)(sambaSID=S-1-5-2
> 1-2390795950-2727105968-4008069955*))],scope => [2], pagesize =>
> [1024]
>   smbldap_search_paged: base => [dc=example,dc=sk], filter =>
> [(&(objectclass=sambaGroupMapping)(sambaGroupType=4)(sambaSID=S-1-5-3
# net help rpc group 
Usage:
net rpc group
    Alias for net rpc group list global local builtin
net rpc group add
    Create specified group
net rpc group delete
    Delete specified group
net rpc group addmem
    Add member to group
net rpc group delmem
    Remove member from group
net rpc group list
    List groups
net rpc group members
    List group members
net rpc group rename
    Rename group

# net -U root rpc group members Administrators
EUROPA\Domain Admins


view this output:

# ldapsearch -xLLL '(&(objectclass=sambaGroupMapping)(sambaGroupType=4)
(sambaSID=S-1-5-32*))'
dn: cn=Administrators,ou=groups,dc=europa,dc=xx
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 544
cn: Administrators
memberUid: Administrator
description: Netbios Domain Members can fully administer the computer
sambaSID: S-1-5-32-544
sambaSIDList: S-1-5-21-3958726613-3318811842-4132420312-512
sambaGroupType: 4
displayName: Administrators

dn: cn=users,ou=groups,dc=europa,dc=xx
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 545
cn: users
description: Netbios Domain Users
sambaSID: S-1-5-32-545
sambaSIDList: S-1-5-21-3958726613-3318811842-4132420312-513
sambaGroupType: 4
displayName: Users

dn: cn=guests,ou=groups,dc=europa,dc=xx
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 546
cn: guests
memberUid: nobody
description: Netbios Domain Guests
sambaSID: S-1-5-32-546
sambaSIDList: S-1-5-21-3958726613-3318811842-4132420312-514
sambaGroupType: 4
displayName: Guests

dn: cn=AccountOperators,ou=groups,dc=europa,dc=xx
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 548
cn: AccountOperators
description: Netbios Domain Users to manipulate users accounts
sambaSID: S-1-5-32-548
sambaGroupType: 4
displayName: Account Operators

dn: cn=PrintOperators,ou=groups,dc=europa,dc=xx
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 550
cn: PrintOperators
description: Netbios Domain Print Operators
sambaSID: S-1-5-32-550
sambaGroupType: 4
displayName: Print Operators

dn: cn=BackupOperators,ou=groups,dc=europa,dc=xx
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 551
cn: BackupOperators
description: Netbios Domain Members can bypass file security to back up 
files
sambaSID: S-1-5-32-551
sambaGroupType: 4
displayName: Backup Operators

dn: cn=Replicators,ou=groups,dc=europa,dc=xx
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 552
cn: Replicators
description: Netbios Domain Supports file replication in a 
sambaDomainName
sambaSID: S-1-5-32-552
sambaGroupType: 4
displayName: Replicators


> If I try to search in ldap with that filter, I always get zero
> matches.
> 
> I also tried to use wbinfo, wbinfo -u list all my users, wbinfo -g
> list is empty. If I try getent passwd and getent group I see all my
> users and groups.
> Can somebody help me with this?
> 
> Thank you!


-- 

Gruss
	Harry Jede


More information about the samba mailing list