Danilo Godec
2008-Jan-09 14:02 UTC
[Samba] Windows doesn't show Samba group names, only SIDs
Hi, I have a problem with Samba / LDAP running on SLES-9. This has been running well for a while until this week - now Windows workstations don't show group names anymore (editing Access Rights, for example, shows a list of group SIDs instead). I checked whether some software was updated - and in deed it was. OpenLDAP and Samba were both updated two weeks ago - unfortunately nobody can confirm whether the problem occured only after the update. I guess I could try and revert to older versions of SuSE packages but I thought I'd ask here first - maybe it's trivial and I'm just blind... Thanks, Danilo
Jim Shanks
2008-Jan-09 22:17 UTC
[Samba] Windows doesn't show Samba group names, only SIDs
> Hi, > > I have a problem with Samba / LDAP running on SLES-9. This has been > running well > for a while until this week - now Windows workstations don't show group > names > anymore (editing Access Rights, for example, shows a list of group SIDs > instead). > > I checked whether some software was updated - and in deed it was. OpenLDAP > and > Samba were both updated two weeks ago - unfortunately nobody can confirm > whether > the problem occured only after the update. > > I guess I could try and revert to older versions of SuSE packages but I > thought > I'd ask here first - maybe it's trivial and I'm just blind... > > > > Thanks, Danilo > >I've had that problem before and it was always due to winbindd not running or not running properly. If you have swat loaded you should be able check the status tab as well as restart winbindd. Jim
John Drescher
2008-Jan-10 15:47 UTC
Fwd: [Samba] Windows doesn't show Samba group names, only SIDs
Forwarding this to the list:>> I've had that problem before and it was always due to winbindd not >> running >> or not running properly. >> >> If you have swat loaded you should be able check the status tab as well >> as >> restart winbindd. >> > With ldap (no ads) you supposedly do not need winbind but I can admit > I have seen this behavior so I am not sure. > > John >I'm running samba as a domain controller in two locations, both with OpenLDAP and yes, winbindd is installed and running. You don't actually "need" winbind, but you won't get your group and user name mapping without it. You may also want to post a copy of your smb.conf on the list and drop a copy to me. You have the following config option in the smb.conf for windbind and LDAP working together. In this case, the idmap backend option is assuming that the samba domain controller and the LDAP server are the same box. It's been working great for me for about three years now. idmap backend = ldap:ldap://127.0.0.1/ idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 Also, I'm not sure about Suse, but with RedHat, I had to install and enable winbindd. It wasn't installed with samba. Jim