similar to: does a pdc need to be in the domain itself?

Hi, I have the following situation concerning group mapping: when I enter > net getlocalsid I get > SID for domain PDC is: S-1-5-21-4166838278-3756557259-2095403906 when I enter > net getlocalsid DOMAIN I get >SID for domain DOMAIN is: S-1-5-21-2018781741-1218799122-1862565094 The group mapping shows > net groupmap list > Domain Users

Hello, I need some understanding about when being as user in a domain group and log on to a windows machine as user that belongs to this group having administrative rights. I will explain in more detail and give some more information: # net getlocalsid > SID for domain FILESERVER is: S-1-5-21-4166838278-3543217259-2095403906 # net getlocalsid <domain> > SID for domain <domain>

Dear list members, I am unable to logon to the domain. I have created the tdbsam using the "smbpasswd -a root" command. I also added User Administrator as unix and samba account. I also mapped groups "Domain Admins", "Domain users" and "Domain Guests" to unix groups domadmins, domusers and domguests using the "net groupmap modify" command. But is

hello i try to migrate nt4 to samba. the passwd-backend is ldap. the migration itself works fine but after that, i cannot logon from the windows xp clients to the domain. -> i have to rejoin the client to the domain then it works is this a bug or feature? the sambaNTPassword change then in ldap data base here is part of my smb.conf ------------------- snip ----------------- workgroup

Hello list, When I try to log in a samba 3.0.13 server from a XP Pro machine, I get this error: [2005/04/15 10:57:00, 1] rpc_server/srv_netlog_nt.c:_net_sam_logon(766) _net_sam_logon: user BETA\usuario1 has user sid S-1-5-21-528226156-890416033-2029241632 but group sid S-1-5-21-528226156-890416033-2029241632-513. The conflicting domain portions are not supported for NETLOGON calls What

Hi, I am in the process of migrating our windows workstations to a samba domain. Here is the problem: When creating the domain user I put every user additionalyy in the domain admin group so that he/she can copy his old files on the local profile to his new domain account. Then after this is done I put them to the domain users group but some (!) of the user the lose then access to the

This might be more inclusive if I said, Linux Permissions vs POSIX ACLs vs vfs_xattr. I have recently begun to discover the power and flexibility of using POSIX ACLs (by mounting my EXT3/4 filesystems with the acl option). This solved alot of security permissions issues between Samba and Linux groups of users. As I have delved into this deeper and begun using the VFS object, vfs_xattr, things

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, I cannot find anything in the documentation or mailing list that addresses this oddity. I've installed Samba Version 3.4.7 on Ubuntu Server 10.04, and I'm utterly confused by samba's behavior regarding permissions. Users on the server have home directories in /home/chemgroup/username. (chemgroup is actually a symlink to another

I've been testing DFS roots and I'm finding that while Vista and 2008 Server clients can connect with no problems, Windows XP Pro and 2003 Server clients fail. This seems like it's the wrong way round - Samba usually has more difficulties with recent Windows versions than older ones - but I can only assume that there's some registry/policy change between the versions. If anybody

Hello, I'm testing samba4. I've setup a small samba3+ldap pdc, and then I tried a classicupgrade, but I can't pass step 4 of the howto. ubuntu at samba4:~/samba4$ /usr/local/samba/sbin/samba -V Version 4.1.0pre1-GIT-899cdc4 ubuntu at samba4:~/samba4$ sudo /usr/local/samba/bin/samba-tool domain classicupgrade --realm=example.com --dbdir=/root/samba /root/samba/smb.conf Reading

I groupapped the domadmins group in linux to ntgroup="Domain Admins" but instead of mapping to the SID number ending in 512 it's creating a new SID number endind in 2025 mapped to domadmins... Does anybody knows why??? It worked in the previous server. This is the command I execute net groupmap add ntgroup="Domain Admins" unixgroup=domadmin If I use the rid=512 option I

I seem to be having a bit of a brain fade with regard to permissions in samba. I have a share with several folders owned by different groups: drwxrws--- 13 root accounts 4.0K Jun 7 12:12 Accounts drwxrws--- 16 ian accounts 4.0K Jun 7 11:24 Administration drwxrws--- 14 accounts users 4.0K Apr 22 12:05 Downloads drwxrwsr-x 7 ian users 4.0K Mar 22 13:51

Hi, maybe I didn't explained myself well. What i meant is that the user can't have the SID S-1-5-21-528226156-890416033-2029241632 but MUST have a sid like S-1-5-21-528226156-890416033-2029241632-xxxx ( where x is usually assigned automatically by the add user's script) Best Regards, Bruno Guerreiro -----Original Message----- From: Jos? M. Fandi?o [mailto:samba@fadesa.es] Sent:

Hey all, I have a functioning Samba server in my test lab. All of my must-haves are met. My problem really boils down to a minor nuisance. Basically, when I log the test users in and open My Documents I only see one folder: My Music. Not that I really care but curiosity is killing me here and I can't figure out why the My Pictures folder is not present also. On top of that users love

Hello guys! I'm using samba 3.2.4 (binaries from samba.org) on SLES9+sp3. I am building a PDC with LDAP support (i am attaching my config files), I'm also using ldapsam:trusted and ldapsam:editposix. Although I am setting the account lock after 3 failed tries in usrmgr, and verified that the parameters are actually set in the LDAP, no locking occurs. I started thinking that it was my

Cups 1.2.7 Debian Etch with Samba 3.0.24 Clients: WinXP SP3 (with Firewall completely off for testing) When I define a printer specifically in smb.conf, they show up as shared printers in WinXP. But when I follow the normal way (see below) to load all from cups they don't. I followed mainly the latest SAMBA-HOWTO (chapter 21-22) The only error I see in log.smbd when accessing the

I have recently run across this problem and would like to warn people about it. I had an already established domain running under Samba 2.2.8. I then upgraded to 3.0. I removed the 'domain admin users = root' line from my smb.conf because certain tools complained about it being there. After the upgrade, I followed the Samba 3 HOWTO docs on samba.org. I created my domadm, domguests, and

Hey all, I'm coloring outside the lines a little bit here but I would like to automate the install of a samba pdc. Within that script to install I would like to assign rights to a group. Here is an example of a few steps: # Create Unix group: groupadd domadmins # Map unix group to samba groups: net groupmap add ntgroup="Domain Admins" unixgroup=domadmins rid=512 type=d # Assign

Hi, does the output of the two commands really mean that the server FILESERVER is not in the domain?: # net getlocalsid SID for domain FILESERVER is: S-1-5-21-4161338278-3756552359-245403906 # net getlocalsid <domainname> SID for domain <domainname> is: S-1-5-21-2018781741-1218349122-1862352094 Is there another method to check if a server is in a domain? Can I use 'net rpc

when trying to put a samba3 server into a domain (samba3 pdc) I always get the following error messages: [root@file samba]# net join -d 2 -U smbadmin RHEL -S server1.example.com [2004/09/30 23:36:35, 2] lib/interface.c:add_interface(79) added interface ip=192.168.0.150 bcast=192.168.0.255 nmask=255.255.255.0 smbadmin's password: [2004/09/30 23:36:37, 1] libads/ldap.c:ads_connect(251)