Hi.
I'm using samba-3.0.24 on a gentoo box. The samba machine is
configured as a domain member server within a MS Windows 2003 active
directory. It has been successfully joined to the domain and
everything works, shares, kerberos, ldap.
However, I cannot get nested groups to work, or more precisely, I
cannot add a local group using net rpc. Here is what I am doing:
gentoo ~ # net rpc group add NewGroup -Umyuser -L -d 3 -I 10.0.0.2
[2007/04/17 11:20:35, 3] param/loadparm.c:lp_load(4945)
lp_load: refreshing parameters
[2007/04/17 11:20:35, 3] param/loadparm.c:init_globals(1410)
Initialising global parameters
[2007/04/17 11:20:35, 3] param/params.c:pm_process(572)
params.c:pm_process() - Processing configuration file
"/etc/samba/smb.conf"
[2007/04/17 11:20:35, 3] param/loadparm.c:do_section(3687)
Processing section "[global]"
[2007/04/17 11:20:35, 1] param/loadparm.c:lp_do_parameter(3426)
WARNING: The "printer admin" option is deprecated
[2007/04/17 11:20:35, 2] lib/interface.c:add_interface(81)
added interface ip=10.0.0.1 bcast=130.88.255.255 nmask=255.255.0.0
[2007/04/17 11:20:35, 2] lib/interface.c:add_interface(81)
added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0
Password:
[2007/04/17 11:20:42, 3] libsmb/cliconnect.c:cli_start_connection(1426)
Connecting to host=10.0.0.1
[2007/04/17 11:20:42, 3] lib/util_sock.c:open_socket_out(874)
Connecting to 130.88.88.89 at port 445
[2007/04/17 11:20:42, 3] libsmb/cliconnect.c:cli_session_setup_spnego(721)
Doing spnego session setup (blob length=122)
[2007/04/17 11:20:42, 3] libsmb/cliconnect.c:cli_session_setup_spnego(746)
got OID=1 2 840 113554 1 2 2
[2007/04/17 11:20:42, 3] libsmb/cliconnect.c:cli_session_setup_spnego(746)
got OID=1 2 840 48018 1 2 2
[2007/04/17 11:20:42, 3] libsmb/cliconnect.c:cli_session_setup_spnego(746)
got OID=1 3 6 1 4 1 311 2 2 10
[2007/04/17 11:20:42, 3] libsmb/cliconnect.c:cli_session_setup_spnego(754)
got principal=cifs/samba-server@MY.REALM
[2007/04/17 11:20:42, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(950)
Got challenge flags:
[2007/04/17 11:20:42, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
Got NTLMSSP neg_flags=0x60890215
[2007/04/17 11:20:42, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(972)
NTLMSSP: Set final flags:
[2007/04/17 11:20:42, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
Got NTLMSSP neg_flags=0x60080215
[2007/04/17 11:20:42, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338)
NTLMSSP Sign/Seal - Initialising with flags:
[2007/04/17 11:20:42, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
Got NTLMSSP neg_flags=0x60080215
[2007/04/17 11:20:42, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
rpc_pipe_bind: Remote machine 10.0.0.1 pipe \lsarpc fnum 0x72a4 bind
request returned ok.
[2007/04/17 11:20:42, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
rpc_pipe_bind: Remote machine 10.0.0.1 pipe \samr fnum 0x72a5 bind
request returned ok.
add alias failed: NT_STATUS_ACCESS_DENIED
[2007/04/17 11:20:42, 1] utils/net_rpc.c:run_rpc_command(170)
rpc command function failed! (NT_STATUS_ACCESS_DENIED)
[2007/04/17 11:20:42, 2] utils/net.c:main(988)
return code = 1
gentoo ~ #
Now, my question relates to the "-U" parameter. Exactly which account
is this?
Is it root on the gentoo box?
Is it a domain admin on the windows active directory?
Is it my wbinfo --set-auth-user definition?
Is it some other account?
I have tried all these combinations and I still cannot add a group. I
know the root, domain admin account, wbinfo user passwords and still
this just will not work for me.
Can someone please inform me which account I should be using? As I
have totally run out of ideas.
Thanks
Dave
