Konstantin Boyandin
2010-Dec-07 07:47 UTC
[Samba] PDC (CentOS 5.5, Samba 3.5.6): no domain group names sent to Windows 2003 members
Hello, After setting up Samba 3.5.6 on CentOS 5.5 (built from sources) I have noticed a strange problem. Windows 2003 servers participating in this Samba domain do not receive domain groups list when I, say, try to assign security credentials for a file/folder. When I choose domain as source, search reveals only technical group names and individual domain users names. No domain group names at all. However, if I type domain group name manually (i.e. "DOMAIN\Domain Admins"), it is recognized and displayed correctly in security credentials. May I ask for hints on wherethe source of this problem can be and how to fix it? The PDC of smb.conf follows. ============== PDC smb.conf below [global] unix charset = UTF8 workgroup = DOMAIN netbios name = PDC server string = Samba PDC passdb backend =ldapsam:"ldap://10.10.10.1 ldap://10.10.10.10" username map = /etc/samba/smbusers interfaces = eth0 lo bind interfaces only = yes log level = 1 syslog = 0 log file = /var/log/samba/%m max log size = 0 name resolve order = wins bcast hosts time server = Yes printcap name = CUPS add user script = /usr/sbin/smbldap-useradd -m '%u' delete user script = /usr/sbin/smbldap-userdel '%u' add group script = /usr/sbin/smbldap-groupadd -p '%g' delete group script = /usr/sbin/smbldap-groupdel '%g' add user to group script = /usr/sbin/smbldap-groupmod -m '%g' '%u' delete user from group script = /usr/sbin/smbldap-groupmod -x '%g' '%u' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' add machine script = /usr/sbin/smbldap-useradd -w '%u' shutdown script = /var/lib/samba/scripts/shutdown.sh abort shutdown script = /sbin/shutdown -c logon script = %u.bat logon drive = W: logon home = \\%L\%u logon path = \\%L\profiles\%u domain logons = Yes domain master = Yes wins support = Yes # peformance optimization all users stored in ldap ldapsam:trusted = yes ldap ssl = off ldap suffix = dc=itelsib,dc=com ldap machine suffix = ou=Computers ldap user suffix = ou=Users ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap admin dn = cn=sambaadmin,dc=itelsib,dc=com idmap backend = ldap://10.10.10.1 idmap uid = 10000-20000 idmap gid = 10000-20000 printer admin = root printing = cups ============== PDC smb.conf above Sincerely, Konstantin
Konstantin Boyandin
2010-Dec-13 05:43 UTC
[Samba] PDC (CentOS 5.5, Samba 3.5.6): no domain group names sent to Windows 2003 members
Hello, After setting up Samba 3.5.6 on CentOS 5.5 (built from sources) I have noticed a strange problem. Windows 2003 servers participating in this Samba domain do not receive domain groups list when I, say, try to assign security credentials for a file/folder. When I choose domain as source, search reveals only technical group names and individual domain users names. No domain group names at all. However, if I type domain group name manually (i.e. "DOMAIN\Domain Admins"), it is recognized and displayed correctly in security credentials. May I ask for hints on wherethe source of this problem can be and how to fix it? The PDC of smb.conf follows. ============== PDC smb.conf below [global] unix charset = UTF8 workgroup = DOMAIN netbios name = PDC server string = Samba PDC passdb backend =ldapsam:"ldap://10.10.10.1 ldap://10.10.10.10" username map = /etc/samba/smbusers interfaces = eth0 lo bind interfaces only = yes log level = 1 syslog = 0 log file = /var/log/samba/%m max log size = 0 name resolve order = wins bcast hosts time server = Yes printcap name = CUPS add user script = /usr/sbin/smbldap-useradd -m '%u' delete user script = /usr/sbin/smbldap-userdel '%u' add group script = /usr/sbin/smbldap-groupadd -p '%g' delete group script = /usr/sbin/smbldap-groupdel '%g' add user to group script = /usr/sbin/smbldap-groupmod -m '%g' '%u' delete user from group script = /usr/sbin/smbldap-groupmod -x '%g' '%u' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' add machine script = /usr/sbin/smbldap-useradd -w '%u' shutdown script = /var/lib/samba/scripts/shutdown.sh abort shutdown script = /sbin/shutdown -c logon script = %u.bat logon drive = W: logon home = \\%L\%u logon path = \\%L\profiles\%u domain logons = Yes domain master = Yes wins support = Yes # peformance optimization all users stored in ldap ldapsam:trusted = yes ldap ssl = off ldap suffix = dc=itelsib,dc=com ldap machine suffix = ou=Computers ldap user suffix = ou=Users ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap admin dn = cn=sambaadmin,dc=itelsib,dc=com idmap backend = ldap://10.10.10.1 idmap uid = 10000-20000 idmap gid = 10000-20000 printer admin = root printing = cups ============== PDC smb.conf above Sincerely, Konstantin
Denis Fateyev
2010-Dec-13 06:14 UTC
[Samba] PDC (CentOS 5.5, Samba 3.5.6): no domain group names sent to Windows 2003 members
Hello, Have you tried the build from SerNet? --- wbr, Denis. On Mon, Dec 13, 2010 at 11:43 AM, Konstantin Boyandin <temmokan at gmail.com>wrote:> Hello, > > After setting up Samba 3.5.6 on CentOS 5.5 (built from sources) I have > noticed a strange problem. > > Windows 2003 servers participating in this Samba domain do not receive > domain groups list when I, say, try to assign security credentials for a > file/folder. When I choose domain as source, search reveals only > technical group names and individual domain users names. No domain group > names at all. >
Possibly Parallel Threads
- (no subject)
- smbd crashes on startup
- Samba 3 by Example - chapter 5 & 6 ( Manager ->sambaadmin)
- Winbind behaviour odd in 3.4.9 and 3.5.6 vs 3.2.14 (Samba domain with Samba member servers)
- Issue providing seamless migrtion (3.0.24 to 3.5.6) - sambaNTPassword mystery