I feel stupid now .. but never mind. I found the 'problem'. I forgot to
map the global groups.
cheers,
sergio
On Thu, 2003-12-04 at 14:41, Sergio Pereira wrote:
> Hi folks,
>
> I'm running samba 3.0.0-2 (binary version) on rh9 with ldapsam as
> backend. So, all my groups, users are in my ldap database and the
> authentication is working just fine. My problem is with groups, from
> windows xp pro client I'm trying to add to a local group 'Power Users'
> the global group 'Domain Users' but I can see just the users from my
> workstations (winxp pro). Checking other local groups like
> 'Administrators' I can see local users as Administrator and a
> '?'+'SID'+512 (for example:
> ?S-1-5-21-3774164490-1836102861-1491414457-512) and nothing else.
>
> I've tried to add users to global group 'Domain Admins' but when logged
> on any workstation the rights don't work either. Again, I can add
> users (dom\user) with no problem but I can't do the same thing with
> global groups.
> Any idea on this??
>
> here's my smb.conf
> ---xxx---
> [global]
> workgroup = DOM.CA
> netbios name = PDC
> server string = SAMBA-LDAP
> passdb backend = ldapsam:ldap://ldap.dom.ca
> passwd program = /usr/bin/smbpasswd %u
> passwd chat = *New*SMB*password:* %n\n *Retype*new*SMB*password* %n\n
> ; remember to lower the log level in real life :-)
> log level = 5
> log file = /var/log/samba/%m.log
> max log size = 0
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> add user script = /usr/local/sbin/smbldap-useradd.pl -w %u
> domain logons = Yes
> os level = 64
> preferred master = Yes
> domain master = Yes
> dns proxy = No
> wins support = Yes
> ldap suffix = dc=dom,dc=ca
> ldap machine suffix = dc=dom,dc=ca
> ldap user suffix = dc=dom,dc=ca
> ldap group suffix = dc=dom,dc=ca
> ldap idmap suffix = dc=dom,dc=ca
> ldap admin dn = cn=manager,dc=dom,dc=ca
> ldap ssl = start tls
> ldap passwd sync = Yes
> printing = cups
>
> [homes]
> comment = Home Directories
> read only = No
> create mask = 0664
> directory mask = 0700
> browseable = No
>
> [netlogon]
> comment = Network Logon Service
> path = /home/samba/netlogon
> guest ok = Yes
>
> [profiles]
> path = /home/samba/profiles
> read only = No
> create mask = 0600
> directory mask = 0700
> guest ok = Yes
> profile acls = Yes
> csc policy = disable
>
> ---xxx---
>
> cheers,
>
> sergio
--
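The message above traces the problem to global groups that were never mapped. As an added example (not part of the original post), this Python sketch checks the output of `net groupmap list` for the well-known domain group RIDs under the domain SID quoted in the message. The sample output is constructed, the Unix group name `domadmins` is hypothetical, and treating `-1` on the Unix side as "unmapped" is an assumption.

```python
import re

# Well-known domain group RIDs a domain controller is expected to expose.
WELL_KNOWN_RIDS = {512: "Domain Admins", 513: "Domain Users", 514: "Domain Guests"}

# One line of `net groupmap list`: "NT group name (SID) -> unix group"
MAP_LINE = re.compile(r"^(?P<nt>.+?) \((?P<sid>S-1-[\d-]+)\) -> (?P<unix>.+)$")

# Domain SID taken from the SID quoted in the message (RID stripped).
DOMAIN_SID = "S-1-5-21-3774164490-1836102861-1491414457"

# Constructed sample output; "domadmins" is a hypothetical Unix group.
SAMPLE = """\
Domain Admins (S-1-5-21-3774164490-1836102861-1491414457-512) -> domadmins
Print Operators (S-1-5-32-550) -> -1
Domain Guests (S-1-5-21-3774164490-1836102861-1491414457-514) -> -1
"""


def parse_groupmap(text):
    """Return {sid: (nt_name, unix_group)} parsed from groupmap listing text."""
    mappings = {}
    for line in text.splitlines():
        m = MAP_LINE.match(line.strip())
        if m:
            mappings[m["sid"]] = (m["nt"], m["unix"].strip())
    return mappings


def missing_domain_groups(text, domain_sid):
    """Return [(rid, name)] for well-known domain groups lacking a mapping."""
    mappings = parse_groupmap(text)
    missing = []
    for rid, name in sorted(WELL_KNOWN_RIDS.items()):
        entry = mappings.get(f"{domain_sid}-{rid}")
        # Assumption: a Unix side of "-1" means no Unix group is attached.
        if entry is None or entry[1] == "-1":
            missing.append((rid, name))
    return missing


if __name__ == "__main__":
    for rid, name in missing_domain_groups(SAMPLE, DOMAIN_SID):
        print(f"unmapped: {name} ({DOMAIN_SID}-{rid})")
```

Feed it the real listing from the server in place of `SAMPLE`; any group it reports is one that clients cannot resolve by name or grant rights through.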