Hi.
I used Samba 2.2.x on my server with LDAP backend. I also had linux users
in LDAP (pam_ldap). I had a separate tree for Samba and for linux users.
Because I had problems browsing the user lists when trying to set
permisions on a share on Win2k and WinXP members of domain and also for
other reasons (printer drivers,...) I started an upgrade process to Samba
3.0 .
After playing a lot with docs,... I realized that I have to modify the
LDAP schema and also some LDAP entries to sucesfully run Samba 3.0 . So I
did a slapcat and change the entries (I also gruped the two separated LDAP
subtreas into one - so that now PosixAccount and SambaSamAccount are in
only one entry). I compiled Samba HEAD (sources/include/version.h says
that it is 3.0.0rc2 with default options). After that I changed my
smb.conf file so that the new knows how to connect to the LDAP backend.
After that I try to run the new server and start playing with Windows
machines.
On one WinXP machine I can login with certain user and I can also access
shares on my Samba server. The problem is that those machine didn't allow
login to another user with same permisions. I guess that it was due to
local password cache, so I removed the machine from the domain, removed
also the samba entry with 'smbpasswd -x -m machine' and readd it with
'smbpasswd -a -m machine'. When I tried to rejoin this machine to the
domain, I got an error: 'Access denied'. When Windows ask me for the
username I entered a user that is part of Domain Admins (group with RID
512:
Domain Admins (S-1-5-21-1774352235-3633204574-4155377895-512) -> ntdomadms
).
When I upgraded I imported the old SID with 'net setlocalsid
<old-sid>'
... I obtained the old SID from MACHINE.SID file on the old Samba server.
I also set the LDAP password for the Administrator bind (smbpasswd -w
<pass>).
Can anyone help me solve the problem.
BTW:
log files reports:
_samr_create_user: ACCESS DENIED (granted: 0x00000201; required:
0x00000010)
[2003/08/23 22:09:50, 2] smbd/server.c:exit_server(558)
BTW2:
Any of the users can mount an samba exported share from the same system on
a mountpoint using 'mount -t smbfs -o username=DOMAIN\\user
//server_name/share_name mount_point'
Another problem I have is ... why when I select 'Permisions'from the
share
box on Windows machine, I can't get users from Samba server?
Also net rap groupmember LIST "Domain Users" -U DOMAIN\\user%pass
doesn't display nothing.
Thanks a lot.
Regards,
Dezo
