[Samba] Samba PDC group list empty

L.P.H. van Belle belle at bazuin.nl
Mon Nov 26 02:32:49 MST 2012


Hai, 

The Debian 3.5.6 is buggy, use the 3.6.6 version from backports, it fixed my problems also.

Louis


 

>-----Original message-----
>From: andrej.simko at gmail.com 
>[mailto:samba-bounces at lists.samba.org] On behalf of Andrej Šimko
>Sent: Friday 23 November 2012 9:11
>To: samba at lists.samba.org
>Subject: [Samba] Samba PDC group list empty
>
>Dear samba users,
>
>I have a very strange problem. I have Samba PDC up and running, but only
>one thing is missing. I cannot see any Domain Groups at all.
>Here is my config:
>
>Debian Squeeze:
>ii  samba             2:3.5.6~dfsg-3squeeze8  SMB/CIFS file, print, and login server for Unix
>ii  samba-common      2:3.5.6~dfsg-3squeeze8  common files used by both the Samba server and client
>ii  samba-common-bin  2:3.5.6~dfsg-3squeeze8  common files used by both the Samba server and client
>ii  samba-doc         2:3.5.6~dfsg-3squeeze8  Samba documentation
>
>/etc/samba/smb.conf
>[global]
>dos charset = CP852
>unix charset = UTF8
>display charset = UTF8
>workgroup = EXAMPLE
>server string = %h server
>map to guest = Bad User
>passdb backend = ldapsam:ldap://127.0.0.1/
>pam password change = Yes
>passwd program = /usr/sbin/smbldap-passwd -u %u
>passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
>syslog = 0
>time server = Yes
>log file = /var/log/samba/samba.log
>log level = 3
>max log size = 1000
>socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>add user script = /usr/sbin/smbldap-useradd -m %u -d /home/%u %u
>delete user script = /usr/sbin/smbldap-userdel %u -r %u
>add group script = /usr/sbin/smbldap-groupadd -p %g
>delete group script = /usr/sbin/smbldap-groupdel %g
>add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
>delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
>set primary group script = /usr/sbin/smbldap-usermod -g %g %u
>add machine script = /usr/sbin/smbldap-useradd -w %u
>logon script = logon.bat
>domain logons = Yes
>os level = 10
>preferred master = Yes
>domain master = Yes
>dns proxy = No
>wins support = Yes
>ldap admin dn = cn=admin,dc=example,dc=sk
>ldap delete dn = Yes
>ldap group suffix = ou=Groups
>ldap idmap suffix = ou=Idmap
>ldap machine suffix = ou=Computers
>ldap suffix = dc=example,dc=sk
>ldap ssl = no
>ldap user suffix = ou=Users
>panic action = /usr/share/samba/panic-action %d
>map acl inherit = Yes
>case sensitive = No
>hide unreadable = Yes
>map hidden = Yes
>map system = Yes
>
>[homes]
>    comment = Home Directories
>    valid users = %S
>    read only = No
>    create mask = 0644
>    directory mask = 0700
>    browseable = No
>    path = /data/samba/homes
>
>[netlogon]
>    comment = Network Logon Service
>    path = /data/samba/netlogon
>    read only = No
>    guest ok = Yes
>    locking = No
>    share modes = No
>
>[profiles]
>    comment = Users profiles
>    path = /data/samba/profiles
>    read only = No
>    create mask = 0600
>    directory mask = 0700
>    hide files = /desktop.ini/
>    browseable = No
>
>/etc/nsswitch.conf
># /etc/nsswitch.conf
>#
># Example configuration of GNU Name Service Switch functionality.
># If you have the `glibc-doc-reference' and `info' packages installed, try:
># `info libc "Name Service Switch"' for information about this file.
>
>passwd:         compat ldap
>group:          compat ldap
>shadow:         compat ldap
>
>hosts:          files dns
>networks:       files
>
>protocols:      db files
>services:       db files
>ethers:         db files
>rpc:            db files
>
>netgroup:       nis
>
>/etc/ldap/ldap.conf
>#
># LDAP Defaults
>#
>
># See ldap.conf(5) for details
># This file should be world readable but not world writable.
>host 127.0.0.1
>base dc=example,dc=sk
>binddn cn=admin,dc=example,dc=sk
>bindpw secret
>bind_policy soft
>pam_password exop
>timelimit 15
>
>nss_base_passwd ou=Users,dc=example,dc=sk
>nss_base_shadow ou=Users,dc=example,dc=sk
>nss_base_group  ou=Groups,dc=example,dc=sk
>
>net getdomainsid
>SID for local machine HOST is: S-1-5-21-2242576961-186067218-2214866780
>SID for domain EXAMPLE is: S-1-5-21-2390795950-2727105968-4008069955
>
>net groupmap list
>Domain Admins (S-1-5-21-2390795950-2727105968-4008069955-512) -> Domain Admins
>Domain Users (S-1-5-21-2390795950-2727105968-4008069955-513) -> Domain Users
>Domain Guests (S-1-5-21-2390795950-2727105968-4008069955-514) -> Domain Guests
>Domain Computers (S-1-5-21-2390795950-2727105968-4008069955-515) -> Domain Computers
>Administrators (S-1-5-32-544) -> Administrators
>Account Operators (S-1-5-32-548) -> Account Operators
>Print Operators (S-1-5-32-550) -> Print Operators
>Backup Operators (S-1-5-32-551) -> Backup Operators
>Replicators (S-1-5-32-552) -> Replicators
>
>
>The strange thing is, if I try on Win XP to search groups, I see in the logs:
>  smbldap_search_paged: base => [dc=example,dc=sk], filter => [(&(objectclass=sambaGroupMapping)(sambaGroupType=2)(sambaSID=S-1-5-21-2390795950-2727105968-4008069955*))],scope => [2], pagesize => [1024]
>  smbldap_search_paged: base => [dc=example,dc=sk], filter => [(&(objectclass=sambaGroupMapping)(sambaGroupType=4)(sambaSID=S-1-5-21-2390795950-2727105968-4008069955*))],scope => [2], pagesize => [1024]
>  smbldap_search_paged: base => [dc=example,dc=sk], filter => [(&(objectclass=sambaGroupMapping)(sambaGroupType=4)(sambaSID=S-1-5-32*))],scope => [2], pagesize => [1024]
>
>If I try to search in ldap with that filter, I always get zero matches.
>
>I also tried to use wbinfo: wbinfo -u lists all my users, wbinfo -g list is
>empty. If I try getent passwd and getent group I see all my users and
>groups.
>Can somebody help me with this?
>
>Thank you!