So, to make it simple, my domain is KRH, I am successfully joined, and
can issue wbinfo -u or wbinfo -g and get expected results. Every query
I make about the domain works
However, I'm trying to add a domain user (me) to my local Print
Operators group on this freebsd machine.
Using Samba 3.5.6, FreeBSD 8.1 Clean install of everything yesterday.
So, I'm trying to add KRH\jdown to the Print Operators group. It acts
as if the command completed successfully, however, when asked to list
the members of the group, it chops off the domain portion.
freecups-2# net sam delmem 'Administrators' KRH\\jdown
Deleted KRH\jdown from BUILTIN\Administrators
freecups-2# net sam delmem 'Print Operators' KRH\\jdown
Deleted KRH\jdown from BUILTIN\Print Operators
freecups-2# net sam addmem 'Print Operators' 'KRH\jdown'
Added KRH\jdown to BUILTIN\Print Operators
freecups-2# net sam listmem 'Print Operators'
BUILTIN\Print Operators has 1 members
\jdown
freecups-2# net sam delmem 'Print Operators' KRH\\jdown
Deleted KRH\jdown from BUILTIN\Print Operators
freecups-2# net sam listmem 'Print Operators'
BUILTIN\Print Operators has 0 members
freecups-2# net sam delmem 'Print Operators' jdown
Could not find member jdown
freecups-2# net sam delmem 'Print Operators' KRH+jdown
Could not find member KRH+jdown
freecups-2# net sam delmem 'Print Operators' KRH/jdown
Could not find member KRH/jdown
freecups-2# net sam delmem 'Print Operators' KRH/\jdown
Could not find member KRH/jdown
freecups-2# net sam delmem 'Print Operators' "KRH\jdown"
Deleting local group member failed with NT_STATUS_ACCESS_DENIED
freecups-2# net sam addmem 'Print Operators' "KRH\jdown"
Added KRH\jdown to BUILTIN\Print Operators
freecups-2# net sam listmem 'Print Operators'
BUILTIN\Print Operators has 1 members
\jdown
My smb.conf:
[global]
log level = 5
workgroup = KRH
realm = KRH.INT
netbios aliases = freecups-2
server string = FreeCUPS-2
security = ADS
password server = kal-dc3.krh.int, kal-dc4.krh.int,
kal-dc2.krh.int, *
ntlm auth = No
client NTLMv2 auth = Yes
smb ports = 139
printcap cache time = 10
printcap name = cups
cups server = localhost
addprinter command = /usr/local/sbin/smbaddprinter.pl
deleteprinter command = /usr/local/sbin/smbdelprinter.pl
local master = No
domain master = No
browse list = No
wins server = 10.6.1.21
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind cache time = 300
winbind use default domain = Yes
winbind refresh tickets = Yes
guest ok = Yes
cups options = raw
[homes]
comment = PDF files
read only = No
browseable = No
browsable = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
browsable = No
[print$]
comment = Printer Drivers
path = /usr/home/KRH_drivers
write list = root, printserver,KRH\jdown
force user = printserver
force group = printserver
guest ok = No
my krb5.conf
[logging]
default = SYSLOG:INFO:LOCAL7
[libdefaults]
ticket_lifetime = 24000
clock_skew = 300
default_realm = KRH.INT
[realms]
domain.LOCAL = {
kdc = kal-dc3.krh.int:88
kdc = kal-dc4.krh.int:88
kdc = kal-dc2.krh.int:88
admin_server = kal-dc4.krh.int:464
admin_server = kal-dc3.krh.int:464
admin_server = kal-dc2.krh.int:464
default_domain = krh.int
}
[domain_realm]
.domain.local = KRH.INT
domain.local = KRH.INT
Now, it's almost working, and I'm hoping it's just a missed punctual
mark, but... probably not.
Can anyone assist?
thanks,
Jack
