[Samba] 3.6.23-25.el6_7 and 4.2.10 and "Domain Admins" are/not Admins?
lejeczek
peljasz at yahoo.co.uk
Mon Oct 24 11:53:45 UTC 2016
thanks Aleksey
before I can try your suggestions I have to solve another
problem which has just occur on that 4.2 Samba, now that
server (it did crash caused some other hardware problem) fails:
$ smblcient -L //serverB -Uthis_dom\\this_user
SPNEGO login failed: Indicates the SID structure is not valid.
session setup failed: NT_STATUS_INVALID_SID
I do not recall there was on OS/samba update, only that
crash(cold reboot) and now this problem (and it was ok, not
SID problem ever since I set it up). I'm googling but would
you, would anybody know what might be the problem?
The first server, PDC is ok, no above problem there.
$ smblcient -L //serverA -Uthis_dom\\this_user = result OK
On the failing server I backed up, remove and let samba
recreate /var/lib/samba.
Again, for both servers userdb backend is the same
multi-master ldap.
I have, always had these in smb.conf
ldap group suffix = ou=Group
ldap user suffix = ou=People
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap
ldap debug level = 4
ldap debug threshold = 10
regards
L.
On 20/10/16 08:23, Gavrilov Aleksey via samba wrote:
> hi
>
> It can be so help
>
> [global]
> >---admin users = @nt_admins
>
> if not then I need
>
> 1. root at pdc:~# testparm
> 2. root at pdc:~# ldapsearch -xLLL -H ldapi:/// -b
> ou=groups,ou=arkhangelsk,dc=rugion,dc=ru
>
> ldap suffix = ou=arkhangelsk,dc=rugion,dc=ru
>
> ldap group suffix = ou=groups
>
> 3. try
>
> log level = 10
>
> max log size = 1000
>
> and go through the authorization in windows pc
> see the log of communication with the server PC.
> usually here /var/log/samba/log.ip or
> /var/log/samba/log.name-pc
>
> 4. no harm will see errors in these files too
>
> /var/log/samba/log.nmbd
>
> /var/log/samba/log.smbd
>
>
> On 20.10.2016 02:28, lejeczek via samba wrote:
>> hi all
>>
>> I have two different Samba versions as PDC and BDC and
>> depending on which one is "domain master" users which are
>> domain admins are not recognized as such.
>>
>> Everything seems normal with 3.6.23-25.el6_7 as "domain
>> master" but when I configure them so 4.2.10 is the master
>> then I login to Win7 fine but Windows tells me that the
>> user is not an Admin and I need to supply credential
>> (wherever it's necessary of course).
>>
>> Both Sambas are config-wise virtually identical, I only
>> swap "domain master = yes" around.
>>
>> User backends are for both Sambas multi-master LDAP so
>> these too should (I believe are) are identical for both
>> servers.
>>
>> What could it be? Gee, some good hint could be a
>> master-headache savior.
>>
>> many! thanks.
>>
>> L.
>>
>>
>
More information about the samba
mailing list