what says getent group ?
greez
Pierre-Francois LAURAND wrote:> Hi,
>
> I'am experimenting an error on a Samba 3.0.20 pdc with ldap backend :
>
> When I have a try with the MS Win2k ACL editor to change a file
> permissions located on a Samba share, I can add or suppress domain users
> related acls, but with group related acls, an error occurs : MS Editor
> correctly shows the group SID, but cannot map the SID with the
> associated group name.
>
> smbd.log gives :
>
> [2006/01/20 10:07:27, 0, effective(6238, 2648), real(6238, 0)]
> rpc_server/srv_samr.c:api_samr_query_usergroups(520)
> api_samr_query_usergroups: unable to marshall SAMR_R_QUERY_USERGROUPS.
> [2006/01/20 10:07:27, 0, effective(6238, 2648), real(6238, 0)]
> rpc_server/srv_pipe.c:api_rpcTNP(1572)
> api_rpcTNP: samr: SAMR_QUERY_USERGROUPS failed.
>
>
> Note that "net groupmap list" just work and list the correct
mapping
> between the sambaSID and the corresponding user groups registered in the
> dit.
>
> Relevant part of smb.conf :
>
> [global]
> workgroup = MYDOMAIN
> interfaces = lo0, em1
> security = user
> enable privileges = yes
> username map = /usr/local/etc/smbusers.map
> log file = /var/log/samba/smb.log
> debug uid = Yes
> domain logons = Yes
> os level = 255
> preferred master = Yes
> domain master = Yes
> passdb backend = ldapsam:ldapi://%2fvar%2frun%2fopenldap%2fldapi/
> ldap admin dn = cn=samba,ou=serviceAccounts,o=myorg
> ldap suffix = o=myorg
> ldap machine suffix = ou=computers
> ldap user suffix = ou=users
> ldap group suffix = ou=groups
>
> [Public]
> path = /export/public/%G
> read only = No
> create mask = 0755
> directory mask = 0775
> force user = %U
>
>
> Thanks for your help,