Howdy People, Since my last posting things have definitely taken a turn for the worse The XP clients cannot now even find the domain controller !! my smb.conf file is [global] log file = /var/log/samba/log.%m load printers = no name resolve order = wins bcast lmhosts host admin users = @admingrp socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 obey pam restrictions = Yes lm announce = True domain master = True username map = /etc/samba/user.map encrypt passwords = yes passwd program = /usr/bin/passwd %u wins support = true dns proxy = No netbios name = SAMBASERVER server string = sambaserver logon script = logon.bat unix password sync = yes workgroup = PINARC os level = 255 security = user preferred master = True max log size = 50 domain logons = Yes logon drive = h: logon home =\\%N\%U logon path = \\%N\profiles\%U add user script = /usr/sbin/useradd -d /dev/null -g 400 -s /bin/false -M /%u [Profiles] comment = Profiles Directory path = /SYS/profiles read only = no create mask = 0600 directory mask = 0700 profile acls = yes writeable = yes [netlogon] comment = For Administration Use path = /etc/samba/netlogon valid users = %U write list = @admingrp read only = no create mask = 0644 [homes] comment = %U home directory path = /SYS/home/%U valid users = %S read only = No create mask = 0600 browseable = No directory mask =0700 locking = no [open] comment = Pinarc Readable Share path = /SYS/world/open read only = No create mask = 0664 directory mask = 0775 valid users = @mars The logon script is being executed and the profiles are being written and updated. How do you fix/delete/change the net groupmap list output. I think this may the root cause of my problems , but I just dont know the syntax to fix/delete/change it. I have searched google and the samba manual and they seem to tell you everything except how to delete/fix etc. I have tried net delete groupmap ntgroup="Domain Admins" and whilst it says it has deleted this group in actually has done nothing. Below is the output of net groupmap list and net getlocalsid System Operators (S-1-5-32-549) -> -1 Domain Admins (S-1-5-21-2643210455-489482773-813538922-512) ->admingrp Domain Users (S-1-5-21-3314183342-3289294326-2282427927-513) -> mars Replicators (S-1-5-32-552) -> -1 interchange (S-1-5-21-3314183342-3289294326-2282427927-4001) -> inter Guests (S-1-5-32-546) -> -1 lukeman (S-1-5-21-3314183342-3289294326-2282427927-2803) -> madint Domain Admins (S-1-5-21-218202318-3803304894-1597324041-512) -> -1 Domain Users (S-1-5-21-2643210455-489482773-813538922-513) -> -1 Domain Guests (S-1-5-21-218202318-3803304894-1597324041-514) -> nogroup Power Users (S-1-5-32-547) -> -1 Domain Guests (S-1-5-21-2643210455-489482773-813538922-514) -> -1 Print Operators (S-1-5-32-550) -> -1 Administrators (S-1-5-32-544) -> -1 Domain Guests (S-1-5-21-3314183342-3289294326-2282427927-514) -> -1 Domain Admins (S-1-5-21-3314183342-3289294326-2282427927-512) -> -1 AccountOperators (S-1-5-32-548) -> -1 mad (S-1-5-21-3314183342-3289294326-2282427927-2801) -> mad Backup Operators (S-1-5-32-551) -> -1 Users (S-1-5-32-545) -> -1 SID for domain SAMBASERVER is: S-1-5-21-3314183342-3289294326-2282427927 Please help. Very desperate. -- System Manager RGTechnologies Pty Ltd 606 Skipton Street Ballarat 3350 613 53363603 0417 511 731 andrews@rgt.com.au
Hi, try it with the command: net groupmap delete sid=S-1-5-21-2643210455-489482773-813538922-512 for the first bad Domain admin group. using the sid should do the trick. delete all mappings for Domain-groups not matching your samba-group, then use the net groupmap modify command to update the remaining group-mappings so they go to the correct unix-groups. be aware that "net delete groupmap" is not equal to "net groupmap delete"... Christoph Greg Andrews schrieb:> Howdy People, > > Since my last posting things have definitely taken a turn for the worse > > The XP clients cannot now even find the domain controller !! > > my smb.conf file is > > [global] > log file = /var/log/samba/log.%m > load printers = no > name resolve order = wins bcast lmhosts host > admin users = @admingrp > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > obey pam restrictions = Yes > lm announce = True > domain master = True > username map = /etc/samba/user.map > encrypt passwords = yes > passwd program = /usr/bin/passwd %u > wins support = true > dns proxy = No > netbios name = SAMBASERVER > server string = sambaserver > logon script = logon.bat > unix password sync = yes > workgroup = PINARC > os level = 255 > security = user > preferred master = True > max log size = 50 > domain logons = Yes > logon drive = h: > logon home =\\%N\%U > logon path = \\%N\profiles\%U > add user script = /usr/sbin/useradd -d /dev/null -g 400 -s /bin/false -M /%u > > [Profiles] > comment = Profiles Directory > path = /SYS/profiles > read only = no > create mask = 0600 > directory mask = 0700 > profile acls = yes > writeable = yes > > [netlogon] > comment = For Administration Use > path = /etc/samba/netlogon > valid users = %U > write list = @admingrp > read only = no > create mask = 0644 > > > [homes] > comment = %U home directory > path = /SYS/home/%U > valid users = %S > read only = No > create mask = 0600 > browseable = No > directory mask =0700 > locking = no > > [open] > comment = Pinarc Readable Share > path = /SYS/world/open > read only = No > create mask = 0664 > directory mask = 0775 > valid users = @mars > > > The logon script is being executed and the profiles are being written and > updated. > > How do you fix/delete/change the net groupmap list output. > I think this may the root cause of my problems , but I just dont know the > syntax to fix/delete/change it. > I have searched google and the samba manual and they seem to tell you > everything except how to delete/fix etc. > > I have tried net delete groupmap ntgroup="Domain Admins" and whilst it > says it has deleted this group in actually has done nothing. > > Below is the output of net groupmap list and net getlocalsid > > System Operators (S-1-5-32-549) -> -1 > Domain Admins (S-1-5-21-2643210455-489482773-813538922-512) ->admingrp > Domain Users (S-1-5-21-3314183342-3289294326-2282427927-513) -> mars > Replicators (S-1-5-32-552) -> -1 > interchange (S-1-5-21-3314183342-3289294326-2282427927-4001) -> inter > Guests (S-1-5-32-546) -> -1 > lukeman (S-1-5-21-3314183342-3289294326-2282427927-2803) -> madint > Domain Admins (S-1-5-21-218202318-3803304894-1597324041-512) -> -1 > Domain Users (S-1-5-21-2643210455-489482773-813538922-513) -> -1 > Domain Guests (S-1-5-21-218202318-3803304894-1597324041-514) -> nogroup > Power Users (S-1-5-32-547) -> -1 > Domain Guests (S-1-5-21-2643210455-489482773-813538922-514) -> -1 > Print Operators (S-1-5-32-550) -> -1 > Administrators (S-1-5-32-544) -> -1 > Domain Guests (S-1-5-21-3314183342-3289294326-2282427927-514) -> -1 > Domain Admins (S-1-5-21-3314183342-3289294326-2282427927-512) -> -1 > AccountOperators (S-1-5-32-548) -> -1 > mad (S-1-5-21-3314183342-3289294326-2282427927-2801) -> mad > Backup Operators (S-1-5-32-551) -> -1 > Users (S-1-5-32-545) -> -1 > > SID for domain SAMBASERVER is: S-1-5-21-3314183342-3289294326-2282427927 > > > > > Please help. Very desperate. > >
Greg,>From your groupmappings it appears that you have changed either thehostname or the workgroup name (or both). This will generate a new domain SID. Unfortunately, Samba does not do housekeeping on the file this is stored in and the "net groupmap" tool will not allow you to delete entries for a domain SID that is foreign to the current one. The way you can clear up the groupmapping is by stopping samba nmbd and smbd. The delete the group_mapping.tdb file - it should be in the /var/lib/samba directory, or in /var/cache/samba, or in /usr/local/samba/var/locks (depends on how Samba was compiled). Then you can restart Samba and remapp your groups. The only groups that must be mapped are the Domain groups. You can do this by: net groupmap modify ntgroup="Domain Users" unixgroup=users - John T. --- John H Terpstra Samba-Team email: jht@samba.org> -------- Original Message -------- > Subject: [Samba] going from bad to worse > From: "Greg Andrews" <andrews@rgt.com.au> > Date: Tue, August 17, 2004 5:28 am > To: samba@lists.samba.org > > Howdy People, > > Since my last posting things have definitely taken a turn for the worse > > The XP clients cannot now even find the domain controller !! > > my smb.conf file is > > [global] > log file = /var/log/samba/log.%m > load printers = no > name resolve order = wins bcast lmhosts host > admin users = @admingrp > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > obey pam restrictions = Yes > lm announce = True > domain master = True > username map = /etc/samba/user.map > encrypt passwords = yes > passwd program = /usr/bin/passwd %u > wins support = true > dns proxy = No > netbios name = SAMBASERVER > server string = sambaserver > logon script = logon.bat > unix password sync = yes > workgroup = PINARC > os level = 255 > security = user > preferred master = True > max log size = 50 > domain logons = Yes > logon drive = h: > logon home =\\%N\%U > logon path = \\%N\profiles\%U > add user script = /usr/sbin/useradd -d /dev/null -g 400 -s /bin/false -M /%u > > [Profiles] > comment = Profiles Directory > path = /SYS/profiles > read only = no > create mask = 0600 > directory mask = 0700 > profile acls = yes > writeable = yes > > [netlogon] > comment = For Administration Use > path = /etc/samba/netlogon > valid users = %U > write list = @admingrp > read only = no > create mask = 0644 > > > [homes] > comment = %U home directory > path = /SYS/home/%U > valid users = %S > read only = No > create mask = 0600 > browseable = No > directory mask =0700 > locking = no > > [open] > comment = Pinarc Readable Share > path = /SYS/world/open > read only = No > create mask = 0664 > directory mask = 0775 > valid users = @mars > > > The logon script is being executed and the profiles are being written and > updated. > > How do you fix/delete/change the net groupmap list output. > I think this may the root cause of my problems , but I just dont know the > syntax to fix/delete/change it. > I have searched google and the samba manual and they seem to tell you > everything except how to delete/fix etc. > > I have tried net delete groupmap ntgroup="Domain Admins" and whilst it > says it has deleted this group in actually has done nothing. > > Below is the output of net groupmap list and net getlocalsid > > System Operators (S-1-5-32-549) -> -1 > Domain Admins (S-1-5-21-2643210455-489482773-813538922-512) ->admingrp > Domain Users (S-1-5-21-3314183342-3289294326-2282427927-513) -> mars > Replicators (S-1-5-32-552) -> -1 > interchange (S-1-5-21-3314183342-3289294326-2282427927-4001) -> inter > Guests (S-1-5-32-546) -> -1 > lukeman (S-1-5-21-3314183342-3289294326-2282427927-2803) -> madint > Domain Admins (S-1-5-21-218202318-3803304894-1597324041-512) -> -1 > Domain Users (S-1-5-21-2643210455-489482773-813538922-513) -> -1 > Domain Guests (S-1-5-21-218202318-3803304894-1597324041-514) -> nogroup > Power Users (S-1-5-32-547) -> -1 > Domain Guests (S-1-5-21-2643210455-489482773-813538922-514) -> -1 > Print Operators (S-1-5-32-550) -> -1 > Administrators (S-1-5-32-544) -> -1 > Domain Guests (S-1-5-21-3314183342-3289294326-2282427927-514) -> -1 > Domain Admins (S-1-5-21-3314183342-3289294326-2282427927-512) -> -1 > AccountOperators (S-1-5-32-548) -> -1 > mad (S-1-5-21-3314183342-3289294326-2282427927-2801) -> mad > Backup Operators (S-1-5-32-551) -> -1 > Users (S-1-5-32-545) -> -1 > > SID for domain SAMBASERVER is: S-1-5-21-3314183342-3289294326-2282427927 > > > > > Please help. Very desperate. > > > -- > System Manager > RGTechnologies Pty Ltd > 606 Skipton Street > Ballarat 3350 > 613 53363603 > 0417 511 731 > andrews@rgt.com.au > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba
In the hosts.allow entry for samba 3+, is there still a limit of localhost + 2 private networks? If so, Are there any plans to extend this? Otherwise, what is the current limit? Currently I have a situation where 10+ ranges are needed so if 2 is the limit we are stuck. Thanks, Wjrasmussen