Hi, I'am experimenting an error on a Samba 3.0.20 pdc with ldap backend : When I have a try with the MS Win2k ACL editor to change a file permissions located on a Samba share, I can add or suppress domain users related acls, but with group related acls, an error occurs : MS Editor correctly shows the group SID, but cannot map the SID with the associated group name. smbd.log gives : [2006/01/20 10:07:27, 0, effective(6238, 2648), real(6238, 0)] rpc_server/srv_samr.c:api_samr_query_usergroups(520) api_samr_query_usergroups: unable to marshall SAMR_R_QUERY_USERGROUPS. [2006/01/20 10:07:27, 0, effective(6238, 2648), real(6238, 0)] rpc_server/srv_pipe.c:api_rpcTNP(1572) api_rpcTNP: samr: SAMR_QUERY_USERGROUPS failed. Note that "net groupmap list" just work and list the correct mapping between the sambaSID and the corresponding user groups registered in the dit. Relevant part of smb.conf : [global] workgroup = MYDOMAIN interfaces = lo0, em1 security = user enable privileges = yes username map = /usr/local/etc/smbusers.map log file = /var/log/samba/smb.log debug uid = Yes domain logons = Yes os level = 255 preferred master = Yes domain master = Yes passdb backend = ldapsam:ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap admin dn = cn=samba,ou=serviceAccounts,o=myorg ldap suffix = o=myorg ldap machine suffix = ou=computers ldap user suffix = ou=users ldap group suffix = ou=groups [Public] path = /export/public/%G read only = No create mask = 0755 directory mask = 0775 force user = %U Thanks for your help, -- Pierre-Francois LAURAND
what says getent group ? greez Pierre-Francois LAURAND wrote:> Hi, > > I'am experimenting an error on a Samba 3.0.20 pdc with ldap backend : > > When I have a try with the MS Win2k ACL editor to change a file > permissions located on a Samba share, I can add or suppress domain users > related acls, but with group related acls, an error occurs : MS Editor > correctly shows the group SID, but cannot map the SID with the > associated group name. > > smbd.log gives : > > [2006/01/20 10:07:27, 0, effective(6238, 2648), real(6238, 0)] > rpc_server/srv_samr.c:api_samr_query_usergroups(520) > api_samr_query_usergroups: unable to marshall SAMR_R_QUERY_USERGROUPS. > [2006/01/20 10:07:27, 0, effective(6238, 2648), real(6238, 0)] > rpc_server/srv_pipe.c:api_rpcTNP(1572) > api_rpcTNP: samr: SAMR_QUERY_USERGROUPS failed. > > > Note that "net groupmap list" just work and list the correct mapping > between the sambaSID and the corresponding user groups registered in the > dit. > > Relevant part of smb.conf : > > [global] > workgroup = MYDOMAIN > interfaces = lo0, em1 > security = user > enable privileges = yes > username map = /usr/local/etc/smbusers.map > log file = /var/log/samba/smb.log > debug uid = Yes > domain logons = Yes > os level = 255 > preferred master = Yes > domain master = Yes > passdb backend = ldapsam:ldapi://%2fvar%2frun%2fopenldap%2fldapi/ > ldap admin dn = cn=samba,ou=serviceAccounts,o=myorg > ldap suffix = o=myorg > ldap machine suffix = ou=computers > ldap user suffix = ou=users > ldap group suffix = ou=groups > > [Public] > path = /export/public/%G > read only = No > create mask = 0755 > directory mask = 0775 > force user = %U > > > Thanks for your help,