Hi all,
yesterday I installed Samba Version 3.0.23b on our new fileserver. We
currently have another fileserver with Samba 3.0.22.
Our existing fileserver is compiled from source because we patched it to
support Windows 2003 Server R2 active directory schema. (We changed the
OIDs Samba reads from the ADS schema.)
Now we want to replace it with rpm-packages of the new version. We
installed a new fileserver and cloned the smb.conf. After changing
'winbind nss info' from 'sfu' to 'rfc2307' everything
worked as expected
in the first look. Winbind resolved our Windows-Users and groups
correct. (wbinfo and getent work perfect!)
But when I try to connect to a share on the server I get the following
error:
[2006/08/18 15:22:19, 0] auth/auth_util.c:create_local_nt_token(903)
create_local_nt_token: Failed to create BUILTIN\Administrators group!
And the server prompts me for a username and password.
My /etc/samba/smb.conf is:
[global]
workgroup = WORKGROUP
realm = REALM.COM
server string = %h
security = ADS
auth methods = winbind
allow trusted domains = No
lanman auth = No
log level = all:10
disable netbios = Yes
reset on zero vc = Yes
deadtime = 10
os level = 0
preferred master = No
local master = No
domain master = No
wins server = x.x.x.x, x.x.x.x, x.x.x.x
ldap ssl = no
idmap backend = ad
idmap uid = 100-100000
idmap gid = 100-100000
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nss info = rfc2307
read only = No
acl map full control = No
inherit acls = Yes
ea support = Yes
map acl inherit = Yes
use sendfile = Yes
hide special files = Yes
map readonly = permissions
strict locking = No
dos filemode = Yes
This is exactly the same config as for the working server expect
winbind nss info = rfc2307
which is
winbind nss info = sfu
on the old server.
Do I have to create a local group for BUILTIN\Administrators?
Thanks for you help
J?rg
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________