I'm having some odd problems with USRMGR and Samba group accounts.
USRMGR seems to work fine for user accounts, and it also correctly
displays the list of group objects (these are all stored in LDAP btw).
This can be seen in http://www.ehsco.com/misc/samba/umgr-main.gif
Two of the groups can be managed while the other two cannot. For example,
http://www.ehsco.com/misc/samba/umgr-admins.gif shows that the
"Admins"
group can be opened but http://www.ehsco.com/misc/samba/umgr-users.gif
shows that the "Users" group cannot ("The group name could not be
found").
Similarly, the "LM Hosts" group can be opened but the
"Nobody" group
cannot. All of these groups DO show up in various places (like security
dialogs, and in the USRMGR list obviously) but they can't be viewed for
editing in USRMGR.
Separately, some groups don't show up in the user settings. For example,
http://www.ehsco.com/misc/samba/umgr-root.gif shows the group options for
the "root" account. Note that the "LM Hosts" and
"Nobody" groups show in
the candidate groups, but the "Admins" and "Users" groups do
not (despite
the fact that "Admins" is one of the groups that can be opened for
editing
as described above).
The groups appear to be properly defined in LDAP. I've recreated them just
to be sure ("LM Hosts" is a new group I created for initial testing
and it
shows up fine so I thought I'd recreate the others but that didn't
help),
and have also manually rebuilt my LDAP indexes. "net groupmap list"
shows
all of them and their correct mappings.
This really has me flummoxed. Any ideas? What am I missing?
--
Eric A. Hall http://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Eric A. Hall wrote: | I'm having some odd problems with USRMGR and | Samba group accounts. If you are running 3.0.20, have you applied the patches at http://www.samba.org/samba/patches/ ? cheers, jerry -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDKzV5IR7qMdg1EfYRAk0MAKDiM/K3Cagr88pBOqCPDS3uo3JJ5gCgwDs+ Go0U2RPr8FmvdFZlwb9q1v8=aa2S -----END PGP SIGNATURE-----
do the groups have correct mappings to local ones? i've had the same error "The group name could not be found" and had some errors in my mappings greez Eric A. Hall wrote:> I'm having some odd problems with USRMGR and Samba group accounts. > > USRMGR seems to work fine for user accounts, and it also correctly > displays the list of group objects (these are all stored in LDAP btw). > This can be seen in http://www.ehsco.com/misc/samba/umgr-main.gif > > Two of the groups can be managed while the other two cannot. For example, > http://www.ehsco.com/misc/samba/umgr-admins.gif shows that the "Admins" > group can be opened but http://www.ehsco.com/misc/samba/umgr-users.gif > shows that the "Users" group cannot ("The group name could not be found"). > Similarly, the "LM Hosts" group can be opened but the "Nobody" group > cannot. All of these groups DO show up in various places (like security > dialogs, and in the USRMGR list obviously) but they can't be viewed for > editing in USRMGR. > > Separately, some groups don't show up in the user settings. For example, > http://www.ehsco.com/misc/samba/umgr-root.gif shows the group options for > the "root" account. Note that the "LM Hosts" and "Nobody" groups show in > the candidate groups, but the "Admins" and "Users" groups do not (despite > the fact that "Admins" is one of the groups that can be opened for editing > as described above). > > The groups appear to be properly defined in LDAP. I've recreated them just > to be sure ("LM Hosts" is a new group I created for initial testing and it > shows up fine so I thought I'd recreate the others but that didn't help), > and have also manually rebuilt my LDAP indexes. "net groupmap list" shows > all of them and their correct mappings. > > This really has me flummoxed. Any ideas? What am I missing? >-- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution (IT) Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137
On 9/16/2005 4:37 PM, Eric A. Hall wrote:> Two of the groups can be managed while the other two cannot. For example, > http://www.ehsco.com/misc/samba/umgr-admins.gif shows that the "Admins" > group can be opened but http://www.ehsco.com/misc/samba/umgr-users.gif > shows that the "Users" group cannot ("The group name could not be found"). > Similarly, the "LM Hosts" group can be opened but the "Nobody" group > cannot. All of these groups DO show up in various places (like security > dialogs, and in the USRMGR list obviously) but they can't be viewed for > editing in USRMGR.Are there reserved group names? I was poking around at something else and noticed that "net rpc group display users" and "net rpc group display nobody" failed with "Couldn't list alias members", which are the same groups broken above. I renamed the groups and now they are apparently working fine, both locally and with usrmgr alike. I can kind of understand why "nobody" wouldn't work (there's a nobody user, and there are "nobody" entries in the local passwd and group files [which I'm not using, but add to the problem matrix]). Users appears to be treated as a built-in group tho. Further of interest, "admins" works fine as a groupname, which conflicts with the built-in thinking. Immediate thought that's left after all this: they are reserved names? -- Eric A. Hall http://www.ehsco.com/ Internet Core Protocols http://www.oreilly.com/catalog/coreprot/