Hi folks,

I'm running samba 3.0.0-2 (binary version) on rh9 with ldapsam as
backend. So, all my groups, users are in my ldap database and the
authentication is working just fine. My problem is with groups, from
windows xp pro client I'm trying to add to a local group 'Power Users'
the global group 'Domain Users' but I can see just the users from my
workstations (winxp pro). Checking other local groups like
'Administrators' I can see local users as Administrator and a
'?'+'SID'+512 (for example:
?S-1-5-21-3774164490-1836102861-1491414457-512) and nothing else.

I've tried to add users to global group 'Domain Admins' but when logged
on any workstation the rights don't work either. Again, I can add
users (dom\user) with no problem but I can't do the same thing with
global groups.
Any idea on this??

here's my smb.conf
---xxx---
[global]
workgroup = DOM.CA
netbios name = PDC
server string = SAMBA-LDAP
passdb backend = ldapsam:ldap://ldap.dom.ca
passwd program = /usr/bin/smbpasswd %u
passwd chat = *New*SMB*password:* %n\n *Retype*new*SMB*password* %n\n
; remember to lower the log level in real life :-)
log level = 5
log file = /var/log/samba/%m.log
max log size = 0
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
add user script = /usr/local/sbin/smbldap-useradd.pl -w %u
domain logons = Yes
os level = 64
preferred master = Yes
domain master = Yes
dns proxy = No
wins support = Yes
ldap suffix = dc=dom,dc=ca
ldap machine suffix = dc=dom,dc=ca
ldap user suffix = dc=dom,dc=ca
ldap group suffix = dc=dom,dc=ca
ldap idmap suffix = dc=dom,dc=ca
ldap admin dn = cn=manager,dc=dom,dc=ca
ldap ssl = start tls
ldap passwd sync = Yes
printing = cups
[homes]
comment = Home Directories
read only = No
create mask = 0664
directory mask = 0700
browseable = No
[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
guest ok = Yes
[profiles]
path = /home/samba/profiles
read only = No
create mask = 0600
directory mask = 0700
guest ok = Yes
profile acls = Yes
csc policy = disable
---xxx---
cheers,
sergio

I feel stupid now .. but never mind. I found the 'problem'. I forgot to
map the global groups.

cheers,
sergio

On Thu, 2003-12-04 at 14:41, Sergio Pereira wrote:
> Hi folks,
>
> I'm running samba 3.0.0-2 (binary version) on rh9 with ldapsam as
> backend. So, all my groups, users are in my ldap database and the
> authentication is working just fine. My problem is with groups, from
> windows xp pro client I'm trying to add to a local group 'Power Users'
> the global group 'Domain Users' but I can see just the users from my
> workstations (winxp pro). Checking other local groups like
> 'Administrators' I can see local users as Administrator and a
> '?'+'SID'+512 (for example:
> ?S-1-5-21-3774164490-1836102861-1491414457-512) and nothing else.
>
> I've tried to add users to global group 'Domain Admins' but when logged
> on any workstation the rights don't work either. Again, I can add
> users (dom\user) with no problem but I can't do the same thing with
> global groups.
> Any idea on this??
>
> here's my smb.conf
> ---xxx---
> [global]
> workgroup = DOM.CA
> netbios name = PDC
> server string = SAMBA-LDAP
> passdb backend = ldapsam:ldap://ldap.dom.ca
> passwd program = /usr/bin/smbpasswd %u
> passwd chat = *New*SMB*password:* %n\n *Retype*new*SMB*password* %n\n
> ; remember to lower the log level in real life :-)
> log level = 5
> log file = /var/log/samba/%m.log
> max log size = 0
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> add user script = /usr/local/sbin/smbldap-useradd.pl -w %u
> domain logons = Yes
> os level = 64
> preferred master = Yes
> domain master = Yes
> dns proxy = No
> wins support = Yes
> ldap suffix = dc=dom,dc=ca
> ldap machine suffix = dc=dom,dc=ca
> ldap user suffix = dc=dom,dc=ca
> ldap group suffix = dc=dom,dc=ca
> ldap idmap suffix = dc=dom,dc=ca
> ldap admin dn = cn=manager,dc=dom,dc=ca
> ldap ssl = start tls
> ldap passwd sync = Yes
> printing = cups
>
> [homes]
> comment = Home Directories
> read only = No
> create mask = 0664
> directory mask = 0700
> browseable = No
>
> [netlogon]
> comment = Network Logon Service
> path = /home/samba/netlogon
> guest ok = Yes
>
> [profiles]
> path = /home/samba/profiles
> read only = No
> create mask = 0600
> directory mask = 0700
> guest ok = Yes
> profile acls = Yes
> csc policy = disable
> ---xxx---
>
> cheers,
>
> sergio
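
The fix reported in the thread was mapping the global groups. As an added example (not part of the thread, and not Samba's own code), this Python script audits `net groupmap list` output for the well-known domain groups, which is a quick check when a client shows a bare SID such as the `-512` one above. The line format and the sample output are assumptions constructed here; the domain SID is the one quoted in the post.

```python
import re

# Well-known domain group RIDs; 512 is the RID in the unresolved SID from the post.
WELL_KNOWN = {512: "Domain Admins", 513: "Domain Users", 514: "Domain Guests"}

# Assumed line shape of `net groupmap list`:  NT name (SID) -> unix group
LINE = re.compile(r"^(?P<nt>.+?) \((?P<sid>S-1-[\d-]+)\) -> (?P<unix>\S+)$")

# Domain SID taken from the post; the mapping lines below are constructed sample data.
DOMAIN_SID = "S-1-5-21-3774164490-1836102861-1491414457"
SAMPLE = """\
Domain Users (S-1-5-21-3774164490-1836102861-1491414457-513) -> users
Domain Guests (S-1-5-21-1111111111-2222222222-3333333333-514) -> nobody
Administrators (S-1-5-32-544) -> root
"""

def parse_groupmap(text):
    """Return {sid: (nt_name, unix_group)} for every line that parses."""
    mapped = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            mapped[m["sid"]] = (m["nt"], m["unix"])
    return mapped

def missing_domain_groups(text, domain_sid):
    """Well-known groups with no mapping under this domain SID."""
    mapped = parse_groupmap(text)
    return [(rid, name) for rid, name in sorted(WELL_KNOWN.items())
            if f"{domain_sid}-{rid}" not in mapped]

def foreign_sid_mappings(text, domain_sid):
    """Mappings that use a well-known RID under a different domain SID,
    e.g. entries left over from before the domain SID changed."""
    stale = []
    for sid in parse_groupmap(text):
        prefix, _, rid = sid.rpartition("-")
        if int(rid) in WELL_KNOWN and prefix != domain_sid:
            stale.append(sid)
    return stale

if __name__ == "__main__":
    for rid, name in missing_domain_groups(SAMPLE, DOMAIN_SID):
        print(f"unmapped: {name} ({DOMAIN_SID}-{rid})")
    for sid in foreign_sid_mappings(SAMPLE, DOMAIN_SID):
        print(f"mapped under another domain SID: {sid}")
```

To run it against a real server, replace `SAMPLE` with the captured output of `net groupmap list` and `DOMAIN_SID` with the domain's own SID.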