samba - Mar 2002 - joining samba pdc groups to local w2k groups

Hi,

I installed 2.2.3a with LDAP-Sam on Redhat 7.2 .

Joining w2k-clients to the PDC "ERCAG" and authenticatung users via
ldap works.

But I am not able to join Domain-Users and Domain-Admins to the local
w2k admin and user-groups.

When I view the current members of w2k local groups I only get the
groupname "ERCAG\unix_group.214783404". When I try to add additional
groups from PDC I see only user-accounts and one group: "Domain
Admins",
but I am not able to join the "Domain-Admin"-group. 

I also can't see any posix-groups I added manually to ldap, although
they seem to work via smb and local server shell.

The error message is something like "not able to join to local group,
the member does not exist"(German w2k).

After applying the patch from Ivan Zhakov from 2002-02-26 I also see the
group "Domain User" on w2k, but I cannot join it to a local group(same
error message).


BTW, shouldn't posix-groups and samba-groups be the same? :

---
[root@ercws207 root]# rpcclient -U gal -c "enumdomgroups"
Enter Password:
session setup ok
Domain=[ERCAG] OS=[Unix] Server=[Samba 2.2.3a]
cmd = enumdomgroups
enumdomgroups
group:[Domain Admins] rid:[0x200]
group:[Domain Users] rid:[0x201]
---

---
[root@ercws207 root]# getent group
root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin,adm
adm:x:4:root,adm,daemon
tty:x:5:
disk:x:6:root
lp:x:7:daemon,lp
mem:x:8:
kmem:x:9:
wheel:x:10:root
mail:x:12:mail
news:x:13:news
uucp:x:14:uucp
man:x:15:
games:x:20:
gopher:x:30:
dip:x:40:
ftp:x:50:
lock:x:54:
nobody:x:99:
users:x:100:
floppy:x:19:
utmp:x:22:
mailnull:x:47:
rpm:x:37:
xfs:x:43:
ntp:x:38:
rpc:x:32:
gdm:x:42:
rpcuser:x:29:
nfsnobody:x:65534:
nogroup:x:65534:root
nscd:x:28:
ident:x:98:
radvd:x:75:
apache:x:48:
ldap:x:55:
courier:x:600:
ercma:x:1000:gal
buchh:x:1001:zl,es
computers:x:1002:
---

-- 
Georg

On Sun, 31 Mar 2002, Georg Lutz wrote:
>Hi,
>
>I installed 2.2.3a with LDAP-Sam on Redhat 7.2 .
>
>Joining w2k-clients to the PDC "ERCAG" and authenticatung users
via ldap works.
>
>But I am not able to join Domain-Users and Domain-Admins to the local
>w2k admin and user-groups.
I couldn't tell you how many hours I've wasted on this... I've been
living with it on NT4 and Win2k; redat 7.0, 7.1, 7.2;
samba 2.1, 2.2.2, 2.2.3a. I even got rid of NIS and md5 - no go.
>When I view the current members of w2k local groups I only get the
>groupname "ERCAG\unix_group.214783404". When I try to add
additional
hm, even the number matches.
>groups from PDC I see only user-accounts and one group: "Domain
Admins",
>but I am not able to join the "Domain-Admin"-group.
i just use the local admin to join the domain's root account (root on the
server). really don't like to, but it works.
>The error message is something like "not able to join to local group,
>the member does not exist"(German w2k).
i get a variety of errors, depending on whether i'm in a control panel,
a file perm's dialog, joining a box to the domain, etc.
>>From what I understand, "Domain Admins"-group should be
handled
>internally by samba.
>
>So what is wrong here?
i have a small network, so a 'shared' admin account has worked for me.
using roaming profiles, and putting the local 'Authenticated Users' into
the 'Power Users' group has kept everything running. i just keep hitting
the
'ok' button through all the warnings. not ideal, but at least folks are
working while i do more research. perhaps it'll buy you some time, too.

...dave
-- 
   ~~~~ ____  |   It's kind of fun to do the impossible.- Disney  |
  Y_,___|[]|  |  dave.capella@cornell.edu ~ www.bscb.cornell.edu  |
 {|_|_|_|__|,_|_____dave_w_capella____BSCB____Cornell_University__|
//oo---OO=OO     OO     OO         OO      OO        OO       OO