[Samba] Samba PDC group list empty
L.P.H. van Belle
belle at bazuin.nl
Mon Nov 26 02:32:49 MST 2012
Hai,
The Debian 3.5.6 is buggy, use the 3.6.6 version from backports, fixed my problems also.
Louis
>-----Original message-----
>From: andrej.simko at gmail.com
>[mailto:samba-bounces at lists.samba.org] On behalf of Andrej Šimko
>Sent: Friday 23 November 2012 9:11
>To: samba at lists.samba.org
>Subject: [Samba] Samba PDC group list empty
>
>Dear samba users,
>
>I have a very strange problem. I have a Samba PDC up and running, but only one
>thing is missing. I cannot see any Domain Groups at all.
>Here is my config:
>
>Debian Squeeze:
>ii samba 2:3.5.6~dfsg-3squeeze8 SMB/CIFS file, print, and login server for Unix
>ii samba-common 2:3.5.6~dfsg-3squeeze8 common files used by both the Samba server and client
>ii samba-common-bin 2:3.5.6~dfsg-3squeeze8 common files used by both the Samba server and client
>ii samba-doc 2:3.5.6~dfsg-3squeeze8 Samba documentation
>
>/etc/samba/smb.conf
>[global]
>dos charset = CP852
>unix charset = UTF8
>display charset = UTF8
>workgroup = EXAMPLE
>server string = %h server
>map to guest = Bad User
>passdb backend = ldapsam:ldap://127.0.0.1/
>pam password change = Yes
>passwd program = /usr/sbin/smbldap-passwd -u %u
>passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
>syslog = 0
>time server = Yes
>log file = /var/log/samba/samba.log
>log level = 3
>max log size = 1000
>socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>add user script = /usr/sbin/smbldap-useradd -m %u -d /home/%u %u
>delete user script = /usr/sbin/smbldap-userdel %u -r %u
>add group script = /usr/sbin/smbldap-groupadd -p %g
>delete group script = /usr/sbin/smbldap-groupdel %g
>add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
>delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
>set primary group script = /usr/sbin/smbldap-usermod -g %g %u
>add machine script = /usr/sbin/smbldap-useradd -w %u
>logon script = logon.bat
>domain logons = Yes
>os level = 10
>preferred master = Yes
>domain master = Yes
>dns proxy = No
>wins support = Yes
>ldap admin dn = cn=admin,dc=example,dc=sk
>ldap delete dn = Yes
>ldap group suffix = ou=Groups
>ldap idmap suffix = ou=Idmap
>ldap machine suffix = ou=Computers
>ldap suffix = dc=example,dc=sk
>ldap ssl = no
>ldap user suffix = ou=Users
>panic action = /usr/share/samba/panic-action %d
>map acl inherit = Yes
>case sensitive = No
>hide unreadable = Yes
>map hidden = Yes
>map system = Yes
>
>[homes]
> comment = Home Directories
> valid users = %S
> read only = No
> create mask = 0644
> directory mask = 0700
> browseable = No
> path = /data/samba/homes
>
>[netlogon]
> comment = Network Logon Service
> path = /data/samba/netlogon
> read only = No
> guest ok = Yes
> locking = No
> share modes = No
>
>[profiles]
> comment = Users profiles
> path = /data/samba/profiles
> read only = No
> create mask = 0600
> directory mask = 0700
> hide files = /desktop.ini/
> browseable = No
>
>/etc/nsswitch.conf
># /etc/nsswitch.conf
>#
># Example configuration of GNU Name Service Switch functionality.
># If you have the `glibc-doc-reference' and `info' packages installed, try:
># `info libc "Name Service Switch"' for information about this file.
>
>passwd: compat ldap
>group: compat ldap
>shadow: compat ldap
>
>hosts: files dns
>networks: files
>
>protocols: db files
>services: db files
>ethers: db files
>rpc: db files
>
>netgroup: nis
>
>/etc/ldap/ldap.conf
>#
># LDAP Defaults
>#
>
># See ldap.conf(5) for details
># This file should be world readable but not world writable.
>host 127.0.0.1
>base dc=example,dc=sk
>binddn cn=admin,dc=example,dc=sk
>bindpw secret
>bind_policy soft
>pam_password exop
>timelimit 15
>
>nss_base_passwd ou=Users,dc=example,dc=sk
>nss_base_shadow ou=Users,dc=example,dc=sk
>nss_base_group ou=Groups,dc=example,dc=sk
>
>net getdomainsid
>SID for local machine HOST is: S-1-5-21-2242576961-186067218-2214866780
>SID for domain EXAMPLE is: S-1-5-21-2390795950-2727105968-4008069955
>
>net groupmap list
>Domain Admins (S-1-5-21-2390795950-2727105968-4008069955-512) -> Domain Admins
>Domain Users (S-1-5-21-2390795950-2727105968-4008069955-513) -> Domain Users
>Domain Guests (S-1-5-21-2390795950-2727105968-4008069955-514) -> Domain Guests
>Domain Computers (S-1-5-21-2390795950-2727105968-4008069955-515) -> Domain Computers
>Administrators (S-1-5-32-544) -> Administrators
>Account Operators (S-1-5-32-548) -> Account Operators
>Print Operators (S-1-5-32-550) -> Print Operators
>Backup Operators (S-1-5-32-551) -> Backup Operators
>Replicators (S-1-5-32-552) -> Replicators
>
>
>The strange thing is, if I try on Win XP to search groups, I
>see in the logs:
>smbldap_search_paged: base => [dc=example,dc=sk], filter => [(&(objectclass=sambaGroupMapping)(sambaGroupType=2)(sambaSID=S-1-5-21-2390795950-2727105968-4008069955*))],scope => [2], pagesize => [1024]
>smbldap_search_paged: base => [dc=example,dc=sk], filter => [(&(objectclass=sambaGroupMapping)(sambaGroupType=4)(sambaSID=S-1-5-21-2390795950-2727105968-4008069955*))],scope => [2], pagesize => [1024]
>smbldap_search_paged: base => [dc=example,dc=sk], filter => [(&(objectclass=sambaGroupMapping)(sambaGroupType=4)(sambaSID=S-1-5-32*))],scope => [2], pagesize => [1024]
>
>If I try to search in ldap with that filter, I always get zero matches.
>
>I also tried to use wbinfo: wbinfo -u lists all my users,
>wbinfo -g list is
>empty. If I try getent passwd and getent group, I see all my users and
>groups.
>Can somebody help me with this?
>
>Thank you!
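An added example, not part of the thread: it rebuilds the three logged `smbldap_search_paged` searches, turns each into an `ldapsearch` command line for re-testing, and checks locally which `net groupmap list` entries satisfy each filter's `sambaSID` pattern. The sample inputs are constructed from the values quoted in the post; the helper names and the choice of requested attributes are assumptions.

```python
import fnmatch
import re
import shlex

# Constructed input: the three logged searches from the post, mail wrapping undone.
DOMAIN_SID = "S-1-5-21-2390795950-2727105968-4008069955"
LOG = "\n".join(
    "smbldap_search_paged: base => [dc=example,dc=sk], filter => "
    f"[(&(objectclass=sambaGroupMapping)(sambaGroupType={gtype})(sambaSID={sid}*))],"
    "scope => [2], pagesize => [1024]"
    for gtype, sid in ((2, DOMAIN_SID), (4, DOMAIN_SID), (4, "S-1-5-32"))
)
# Constructed input: part of the `net groupmap list` output from the post.
GROUPMAP = f"""\
Domain Admins ({DOMAIN_SID}-512) -> Domain Admins
Domain Users ({DOMAIN_SID}-513) -> Domain Users
Domain Guests ({DOMAIN_SID}-514) -> Domain Guests
Domain Computers ({DOMAIN_SID}-515) -> Domain Computers
Administrators (S-1-5-32-544) -> Administrators
Account Operators (S-1-5-32-548) -> Account Operators
"""
SEARCH_RE = re.compile(
    r"base => \[(?P<base>[^\]]*)\], filter => \[(?P<filter>[^\]]*)\],\s*scope => \[(?P<scope>\d+)\]")
TERM_RE = re.compile(r"\((\w+)=([^()]*)\)")          # simple attr=value terms
MAP_RE = re.compile(r"^(?P<name>.+?) \((?P<sid>S-[\d-]+)\) -> (?P<unix>.+)$")

def parse_searches(log):
    """Extract base, scope, raw filter and its attr=value terms per log line."""
    return [{"base": m["base"], "scope": int(m["scope"]), "filter": m["filter"],
             "terms": dict(TERM_RE.findall(m["filter"]))}
            for m in SEARCH_RE.finditer(log)]

def parse_groupmap(text):
    return [m.groupdict() for m in map(MAP_RE.match, text.splitlines()) if m]

def sid_candidates(search, mappings):
    """Mapped groups whose SID satisfies the filter's sambaSID substring pattern."""
    pattern = search["terms"]["sambaSID"]
    return [g["name"] for g in mappings if fnmatch.fnmatchcase(g["sid"], pattern)]

def ldapsearch_command(search, uri="ldap://127.0.0.1/"):
    """Hypothetical helper: argv that replays the logged search anonymously."""
    scope = {0: "base", 1: "one", 2: "sub"}[search["scope"]]
    return ["ldapsearch", "-x", "-H", uri, "-b", search["base"], "-s", scope,
            search["filter"], "sambaSID", "sambaGroupType"]

if __name__ == "__main__":
    groups = parse_groupmap(GROUPMAP)
    for s in parse_searches(LOG):
        print(shlex.join(ldapsearch_command(s)))
        print("  sambaSID pattern matches:", sid_candidates(s, groups))
```

When the mapped SIDs satisfy the pattern, as they do here, a zero-result search is narrowed to the remaining filter terms or to how the directory evaluates the substring match.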