[Samba] Samba PDC group list empty
Harry Jede
walk2sun at arcor.de
Tue Nov 27 01:56:54 MST 2012
Hi Simo,
> Hi this is my listing:
>
> net -U administrator rpc group members Administrators
> Enter administrator's password:
> Couldn't list alias members
Your samba server WILL not list the members of this global group, mostly
a security issue.
> ldapsearch -xLLL '(&(objectclass=sambaGroupMapping)(sambaGroupType=4)
> (sambaSID=S-1-5-32*))'
>
> ldapsearch -xLLL '(&(objectclass=sambaGroupMapping)(sambaGroupType=4)
> (sambaSID=*))'
> dn: sambaSID=S-1-5-32-545,ou=Groups,dc=example,dc=sk
> objectClass: sambaSidEntry
> objectClass: sambaGroupMapping
> sambaSID: S-1-5-32-545
> sambaGroupType: 4
> displayName: Users
> gidNumber: 10000
> sambaSIDList: S-1-5-21-2390795950-2727105968-4008069955-513
Your LDAP client WILL list the group members.
> Do you know what does this mean?
The reason is often "wrong configured" smbldap-tools. Check the
/etc/smbldap-tools/smbldap.conf file for the wrong SID entry.
> > > net getdomainsid
> > > SID for local machine HOST is:
> > > S-1-5-21-2242576961-186067218-2214866780 SID for domain EXAMPLE
> > > is: S-1-5-21-2390795950-2727105968-4008069955
Your server and your domain have different SIDs, that may be is yor
problem. Try:
# net setlocalsid S-1-5-21-2390795950-2727105968-4008069955
and restart samba.
> Thanks.
--
regards
Harry Jede
More information about the samba
mailing list