Since upgrading to 3.0.23 I have encountered several problems. (latest Debian Sarge with deb's from samba.org and security = ADS). All was working flawlessly before. *1.* getent passwd no longer lists machine accounts. *2.* On the Win2K pdc, the samba system's "DNS name" on the general tab is now listed as localhost.localdomain, and the operating system is still listed as Samba 3.0.22. (In the DNS mmc, the DNS records are correct.) *3.* Old shares are accessible, newly created ones are not. I need to know what's going on before I deploy to my production systems. I've read all the emails and have not seen this issue mentioned. I initially thought it might be the ldap issue mentioned in the release notes, but my installation of openldap has not been using the samba.schema. Thanks, Dale
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dale Schroeder wrote:> Since upgrading to 3.0.23 I have encountered several problems. (latest > Debian Sarge with deb's from samba.org and security = ADS). All was > working flawlessly before. > > *1.* getent passwd no longer lists machine accounts.Only machines? Or no domain users at all? Please read the release notes. 'winbind enum users' was disabled by default in 3.0.23.> *2.* On the Win2K pdc, the samba system's "DNS name" > on the general tab is now listed as localhost.localdomain, > and the operating system is still listed as Samba 3.0.22. > (In the DNS mmc, the DNS records are correct.)Did you rejoin the domain ? If so, looks like you have a broken /etc/hosts file ni the Samba box. Fix you hostname. We don't set the Operating system attribute any more. Just delete that.> *3.* Old shares are accessible, newly created ones are not.Not enough detail here. cheers, jerry ====================================================================Samba ------- http://www.samba.org Centeris ----------- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEvi6gIR7qMdg1EfYRArW1AKCEh3bjS9W9ZZpLLkf4BrbsQ8TzqACgnWOB p1FuVq6ggjZ4e5I/7jMZUrE=6k6Q -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 (added the list back to CC) Dale Schroeder wrote:> I've attached the screenshots, but I think my > confusion was expecting the pdc to display the FQDN > from its DNS records for the samba system, > not the hosts file on the samba system.I will almost guarantee that you have host a broken /etc/hosts on you Samba box. The machine's hostname should not be listed in the 127.0.0.1 line. This will also break Krb5 authentication. Fix this on the Unix box and rejoin the domain. Should be fine.>> This is correct behavior. net groupmap lists local >> mappings and has nothing to do with domain groups >> managed by Winbind. >> > The reason I questioned this at all is because the > following is my 'net groupmap list' output on a 3.0.22 > system showing all the standard domain groups listed > on the pdc: > > System Operators (S-1-5-32-549) -> -1...> Here is the output on the 3.0.23 system: > > Administrators (S-1-5-32-544) -> BUILTIN+administrators > Users (S-1-5-32-545) -> BUILTIN+usersThis is correct output. A -1 gid entry was an the indication of an unmapped SID so we just cleaned them out. The local Administrators and Users groups is used for authorization purpose. For example, $ net sam listmem Administrators BUILTIN\Administrators has 3 members COLOR\Centeris Admins SUSE10\root COLOR\Domain Admins Then we can simplem check internally for membership in Administrators to do things like manage services or grant privileges. cheers, jerry ====================================================================Samba ------- http://www.samba.org Centeris ----------- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEvqxvIR7qMdg1EfYRAlhlAKCnIL1nmZ2T8esuoXjZ11PD69nJPACfSXGY TxpQfsJaWFhHq6VvVHowCnI=514r -----END PGP SIGNATURE-----