Aravinda Guzzar
2007-May-23 19:49 UTC
[Samba] Not able to add domain users to local groups
Hi,

I was able to successfully configure my Samba server 3.0.24, running on a Debian Linux server, as a "Domain Member Server" to a W2k3 server. The command "net rpc testjoin" indicates that the join is a success.

As mentioned in the document http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetCommand.html under the section "Nested Group Support", I was trying to add domain users to a local group, using the command

#net rpc group addmem <local-group-on-DMS> "<domain-name>\<Domain Users>" -Uroot%secret

But I get the message that it could not connect to the local server:

127.0.0.1 NT_STATUS_TIMEOUT

Looking at the network traces reveals that the Samba server is just sending the "LSA Open Policy" packet to the W2K3 server and is NOT sending/requesting "LSA lookup" to query for the domain users.

Does anyone know about this problem? Can anyone suggest what extra setting/configuration I need to do to get this working?

Thanks in advance
-Aravind
Aravinda Guzzar
2007-May-24 14:22 UTC
[Samba] Re: Not able to add domain users to local groups
Hi,

Further to the above, I found that the WINBIND daemon is necessary for this type of operation, as noted below in the smb.conf file:

=============================
winbind nested groups (G)

If set to yes, this parameter activates the support for nested groups. Nested groups are also called local groups or aliases. They work like their counterparts in Windows: Nested groups are defined locally on any machine (they are shared between DC's through their SAM) and can contain users and global groups from any trusted SAM. To be able to use nested groups, you need to run nss_winbind.

Default: winbind nested groups = yes
==========================

I have not currently configured the WINBIND daemon. I wanted to know whether the WINBIND daemon is a must for this type of operation. Can anyone help me in getting this clarified? If NO, what are the steps required to do this?

Thanks in advance for any kind of information regarding this.

regards
Aravind
Gerald (Jerry) Carter
2007-May-24 15:36 UTC
[Samba] Re: Not able to add domain users to local groups
Aravinda Guzzar wrote:
> Hi,
>
> Further to the above I found that WINBIND Daemon is necessary for this type
> of operation as noted below in smb.conf file:
>
> =============================
> winbind nested groups (G)

The "Winbind nested groups" feature requires a working winbindd installation.

jerry