I've been trying for a few days to get a Samba 3.0.13 server to work as
an addition to some servers inside an Active Directory domain (Windows
2003 servers).
My first problem is that wbinfo_group.pl no longer works after the SP1
update to the Windows domain controllers: it is not able to get the SID
for the group.
Second problem: I managed to give Windows workstations access to the Samba
server, authenticated against Active Directory, but managing rights from
the Security tab of a Windows station does not work. I have
"inherit acl = yes" and "nt acl support = yes" set, and Kerberos
authentication is working.
Third and last problem:
I get authentication only after caching with wbinfo -u and wbinfo -g.
Here is my smb.conf:
# smb.conf is the main Samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
# samba-doc package is installed.
# Date: 2005-04-04
# Server-wide settings: Samba joined to an Active Directory domain as a member
# server (security = ADS), with winbind resolving domain users and groups.
# Values containing "bogus" look like placeholders the poster substituted for
# the real names.
[global]
workgroup = bogus workgroup name
# This file can map a client-supplied user name onto any UNIX account,
# so it should be writable by root only.
username map = /etc/samba/smbusers
include = /etc/samba/dhcp.conf
# The "logon ..." settings are only used when Samba acts as a logon server;
# with "domain logons = No" below they have no effect.
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
# NOTE(review): the next two lines look like one parameter that was wrapped by
# the mail client. smb.conf only continues a line that ends in a backslash, so
# in the real file this has to be a single line or the second half is not
# part of the value.
add machine script = /usr/sbin/useradd -c Machine -d
/var/lib/nobody -s /bin/false %m$
# Not a domain controller, and not taking part as a master browser.
domain logons = No
domain master = No
local master = No
os level = 65
preferred master = No
# Kerberos realm of the AD domain.
realm = BOGUS.BOGUS
encrypt passwords = Yes
# NOTE(review): "Yes" turns SMB signing on; whether it is only offered or
# actually required differs from "mandatory", the value documented as
# enforcing it. Confirm which behaviour is wanted for this Samba version.
client signing = Yes
server signing = Yes
security = ADS
password server = bogus-adserver
# Domain users appear without the DOMAIN+ prefix. A domain account and a local
# account with the same name can then no longer be told apart by name.
winbind use default domain = Yes
# Seconds winbindd caches user and group information before asking a domain
# controller again (6000 s = 100 minutes). Changes made in AD, such as a
# group-membership change, may not be seen here until the cache expires.
winbind cache time = 6000
# UNIX uid/gid ranges winbind assigns to domain users and groups; they must not
# overlap ids already used by local accounts.
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = Yes
winbind enum groups = Yes
# Character placed between domain and user name (DOMAIN+user).
winbind separator = +
winbind enable local accounts = yes
client use spnego = Yes
# Per-user home shares, created on demand under the connecting user's name.
[homes]
comment = Home Directories
# %S is the share name, so each home share is limited to the user whose name
# matches it.
valid users = %S
# Keeps the generic "homes" entry out of browse lists.
browseable = No
read only = No
# New files and directories take the default ACL of their parent directory.
inherit acls = Yes
# Share referenced by "logon path" in [global] for roaming profiles.
[profiles]
comment = Network Profiles Service
# %H is the home directory of the connecting user.
path = %H
read only = No
store dos attributes = Yes
# Owner-only permissions on everything created through this share.
create mask = 0600
directory mask = 0700
# Exposes the whole of /home as one writable share.
# NOTE(review): there is no "valid users" line, so any authenticated user can
# connect; what they can read or change is decided only by the file-system
# permissions and ACLs under /home.
[users]
comment = All users
path = /home
read only = No
inherit acls = Yes
# Slash-separated list: aquota.user, groups and shares are neither visible nor
# accessible through this share.
veto files = /aquota.user/groups/shares/
# Group directories under /home/groups. The "groups" entry is vetoed in
# [users], so this share is the way in to that tree.
# NOTE(review): no "valid users" restriction here either; access control rests
# on the permissions and ACLs of the directories themselves.
[groups]
comment = All groups
path = /home/groups
read only = No
inherit acls = Yes
# Printer shares, one per printer known to the system.
[printers]
comment = All Printers
# Spool files are written here. NOTE(review): /var/tmp is shared with other
# software on the host; a dedicated spool directory keeps print jobs apart.
path = /var/tmp
printable = Yes
# Spool files are readable and writable by their owner only.
create mask = 0600
browseable = No
# Printer-driver download area for Windows clients.
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
# Only members of the ntadmin group and root may upload or change drivers.
# Clients install and run what is stored here, so keep this list short.
write list = @ntadmin root
# Everything written through the share is owned by group ntadmin.
force group = ntadmin
# Group-writable, world-readable files and directories.
create mask = 0664
directory mask = 0775
# Logon-script share. With "domain logons = No" in [global] this server is not
# acting as a logon server, so the share is presumably unused — confirm.
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
# Only root may write to this share.
write list = root
# Test share on /samba, writable and visible in browse lists.
# NOTE(review): no "valid users" line, so every authenticated user can write
# here subject to the file-system permissions on /samba.
[public]
comment = Test area
path = /samba
inherit acls = Yes
writeable = Yes
browseable = Yes
# NOTE(review): "net acl support" is not a Samba parameter name; the parameter
# is spelled "nt acl support". An unknown parameter is reported and ignored, so
# this line has no effect (testparm will show it).
# Editing permissions from the Windows Security tab also depends on the
# underlying file system having POSIX ACLs enabled, which this file cannot
# show — confirm on the host.
net acl support = Yes