Hi, I installed samba 2.2.6 as pdc with openldap 2.0.23 and most things are working. Thanks for your great work. But I have a few technical questions about details which I am not sure about, and a few problems with usrmgr.exe.

I took the samba.schema included in 2.2.6 and the ldif from IDEALIX. Then I had many groups in ldap (Domain Admins, Domain Users etc). With the ldif from above, these groups, e.g. the Domain Admin group, had GIDs of about 200 to 220. I changed them to 512, 513 ... because I have heard that this is the GID of Domain Admin, Domain Users ... (I have no posix Unix group in /etc/group with this ID). Same with Domain Users (513), Domain guest (514).

Are these changes necessary? Do I need Unix groups with this GID?

Next question: What is the correct primaryGroupID of a Domain-User? 513 or 2*gidNumber(Unix)+1001?

If I want a user to be a Domain Admin, can I just put him in the Domain Admin group in ldap? I have

domain admin group = " @"Domain Admins" "

in smb.conf. Is an /etc/group entry necessary for this? (Background: the server has the Unix groups in ldap too.)

Apart from these questions I have some problems with usrmgr.exe, which are not serious. But I just want to know if these are limitations or if I did something wrong.

First of all, usrmgr is able to show all values in ldap (great). If I edit the real name of a user, it works. But after saving the changes, I get a message on the windows side:

"The following error changing properties of user maurer occurred: group name could not be found" (translated from German)

But the changes are submitted to ldap correctly.

When I edit the properties of a user (e.g. real name), during the save the values of logofftime, kickofftime, pwdmustchange are changed from 2147483647 to 0. From this point on, I am unable to change the pwdmustchange settings with usrmgr. I have to insert a value greater than 2000000000 into ldap by hand to deactivate pwdmustchange.

get_single_attribute: [logonTime] = [0]
[2002/10/26 12:30:01, 2] passdb/pdb_ldap.c:get_single_attribute(360) get_single_attribute: [logoffTime] = [0]
[2002/10/26 12:30:01, 2] passdb/pdb_ldap.c:get_single_attribute(360) get_single_attribute: [kickoffTime] = [0]
[2002/10/26 12:30:01, 2] passdb/pdb_ldap.c:get_single_attribute(360) get_single_attribute: [pwdCanChange] = [0]
[2002/10/26 12:30:01, 2] passdb/pdb_ldap.c:get_single_attribute(360) get_single_attribute: [pwdMustChange] = [0]

When I log in with pwdmustchange next time, I am asked to change passwd. If I do so, samba quits with

[2002/10/26 13:05:04, 3] smbd/password.c:authorise_login(854) authorise_login: ACCEPTED: guest account and guest ok (gast)
[2002/10/26 13:05:04, 3] smbd/service.c:make_connection(487) Connect path is /tmp
[2002/10/26 13:05:04, 3] smbd/sec_ctx.c:push_sec_ctx(296) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2002/10/26 13:05:04, 3] smbd/uid.c:push_conn_ctx(285) push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2002/10/26 13:05:04, 3] smbd/sec_ctx.c:set_sec_ctx(328) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2002/10/26 13:05:04, 3] smbd/sec_ctx.c:get_current_groups(172) get_current_groups: user is in 1 groups: 514
[2002/10/26 13:05:04, 3] smbd/sec_ctx.c:pop_sec_ctx(435) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2002/10/26 13:05:04, 3] smbd/sec_ctx.c:get_current_groups(172) get_current_groups: user is in 1 groups: 514
[2002/10/26 13:05:04, 4] rpc_server/srv_srvsvc_nt.c:get_share_security(211) get_share_security: using default secdesc for IPC$
[2002/10/26 13:05:04, 3] lib/util_seaccess.c:se_access_check(269) se_access_check: user sid is S-1-5-21-3723159834-3326906825-3408399178-2200
[2002/10/26 13:05:04, 3] lib/util_seaccess.c:se_access_check(272) se_access_check: also S-1-5-21-3723159834-3326906825-3408399178-2029
[2002/10/26 13:05:04, 3] lib/util_seaccess.c:se_access_check(272) se_access_check: also S-1-1-0
[2002/10/26 13:05:04, 3] lib/util_seaccess.c:se_access_check(272) se_access_check: also S-1-5-2
[2002/10/26 13:05:04, 3] lib/util_seaccess.c:se_access_check(272) se_access_check: also S-1-5-32-546
[2002/10/26 13:05:04, 3] smbd/vfs.c:vfs_init_default(123) Initialising default vfs hooks
[2002/10/26 13:05:04, 3] smbd/sec_ctx.c:set_sec_ctx(328) setting sec ctx (600, 514) - sec_ctx_stack_ndx = 0
[2002/10/26 13:05:04, 3] smbd/sec_ctx.c:set_sec_ctx(334) 1 user groups: 514
[2002/10/26 13:05:04, 3] smbd/vfs.c:vfs_ChDir(569) vfs_ChDir to /tmp
[2002/10/26 13:05:04, 3] smbd/service.c:make_connection(636) barolo (192.168.0.6) connect to service IPC$ as user gast (uid=600, gid=514) (pid 14794)
[2002/10/26 13:05:04, 3] smbd/sec_ctx.c:set_sec_ctx(328) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2002/10/26 13:05:04, 3] smbd/reply.c:reply_tcon_and_X(394) tconX service=ipc$ user=gast
[2002/10/26 13:05:04, 3] smbd/process.c:process_smb(878) Transaction 3 of length 93
[2002/10/26 13:05:04, 3] smbd/process.c:switch_message(685) switch message SMBntcreateX (pid 14794)
[2002/10/26 13:05:04, 3] smbd/sec_ctx.c:set_sec_ctx(328) setting sec ctx (600, 514) - sec_ctx_stack_ndx = 0
[2002/10/26 13:05:04, 3] smbd/sec_ctx.c:set_sec_ctx(334) 1 user groups: 514
[2002/10/26 13:05:04, 4] smbd/nttrans.c:nt_open_pipe(542) nt_open_pipe: Opening pipe \samr.
[2002/10/26 13:05:04, 3] smbd/nttrans.c:nt_open_pipe(559) nt_open_pipe: Known pipe samr opening.
[2002/10/26 13:05:04, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(146) Open pipe requested samr (pipes_open=0)
[2002/10/26 13:05:04, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(261) Opened pipe samr with handle 772a (pipes_open=1)
[2002/10/26 13:05:04, 3] smbd/process.c:process_smb(878) Transaction 4 of length 195
[2002/10/26 13:05:04, 3] smbd/process.c:switch_message(685) switch message SMBwriteX (pid 14794)
[2002/10/26 13:05:04, 4] smbd/uid.c:change_to_user(119) change_to_user: Skipping user change - already user
[2002/10/26 13:05:04, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(994) search for pipe pnum=772a
[2002/10/26 13:05:04, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(749) api_pipe_bind_req: \PIPE\samr -> \PIPE\lsass
[2002/10/26 13:05:04, 3] smbd/pipes.c:reply_pipe_write_and_X(197) writeX-IPC pnum=772a nwritten=127
[2002/10/26 13:05:04, 3] smbd/process.c:process_smb(878) Transaction 5 of length 63
[2002/10/26 13:05:04, 3] smbd/process.c:switch_message(685) switch message SMBreadX (pid 14794)
[2002/10/26 13:05:04, 4] smbd/uid.c:change_to_user(119) change_to_user: Skipping user change - already user
[2002/10/26 13:05:04, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(994) search for pipe pnum=772a
[2002/10/26 13:05:04, 3] smbd/pipes.c:reply_pipe_read_and_X(238) readX-IPC pnum=772a min=1024 max=1024 nread=116
[2002/10/26 13:05:04, 3] smbd/process.c:process_smb(878) Transaction 6 of length 173
[2002/10/26 13:05:04, 3] smbd/process.c:switch_message(685) switch message SMBwriteX (pid 14794)
[2002/10/26 13:05:04, 4] smbd/uid.c:change_to_user(119) change_to_user: Skipping user change - already user
[2002/10/26 13:05:04, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(994) search for pipe pnum=772a
[2002/10/26 13:05:04, 3] smbd/sec_ctx.c:push_sec_ctx(296) push_sec_ctx(600, 514) : sec_ctx_stack_ndx = 1
[2002/10/26 13:05:04, 3] smbd/uid.c:push_conn_ctx(285) push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2002/10/26 13:05:04, 3] smbd/sec_ctx.c:set_sec_ctx(328) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2002/10/26 13:05:04, 3] smbd/sec_ctx.c:get_current_groups(172) get_current_groups: user is in 2 groups: -1, 514
[2002/10/26 13:05:04, 3] smbd/sec_ctx.c:pop_sec_ctx(435) pop_sec_ctx (600, 514) - sec_ctx_stack_ndx = 0
[2002/10/26 13:05:04, 0] lib/util_sec.c:assert_gid(111) Failed to set gid privileges to (0,514) now set to (0,-1) uid=(0,600)
[2002/10/26 13:05:04, 0] lib/util.c:smb_panic(1094) PANIC: failed to set gid

It seems that the client first connects as computer, then as user (both entries skipped), and then as guest (uid=600, gid=514).

What could be the reason for the

get_current_groups: user is in 2 groups: -1, 514 ??

I don't have a group -1.

Last question: Is it possible to add users with usrmgr?

OK, a lot of questions. I hope that these questions aren't too user-specific for the technical list.

Thank you very much.

Greetings from a stormy day in Munich

Hansjörg

--
Dr. Hansjörg Maurer
Linprunstr. 10
D-80335 Muenchen
Ph/Fax +49 89 52 04 68-41/-59
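
Added example, not part of the original message and not Samba project code: a small Python triage of smbd debug output like the log quoted above, flagging guest-accepted sessions, a group list containing gid -1, and level 0 records. The header layout is taken from the lines in the post; the names `parse_records` and `triage` are hypothetical, and the sample is built from lines copied out of that log.

```python
import re

# smbd debug header as seen in the post:
# "[YYYY/MM/DD HH:MM:SS, level] source.c:function(line)"
HEADER = re.compile(
    r"\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), +(\d+)\] +([\w/.]+):(\w+)\((\d+)\)")

def parse_records(text):
    """Split log text into records; works whether the message follows the
    header on the same line (as flattened by mail) or on the next line."""
    heads = list(HEADER.finditer(text))
    records = []
    for i, h in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        records.append({
            "time": h.group(1), "level": int(h.group(2)),
            "source": h.group(3), "func": h.group(4),
            "msg": " ".join(text[h.end():end].split()),
        })
    return records

def triage(records):
    """Return (time, finding) pairs for the conditions visible in the post."""
    findings = []
    for r in records:
        msg = r["msg"]
        if r["func"] == "authorise_login" and "guest account" in msg:
            findings.append((r["time"], "session accepted as guest"))
        m = re.search(r"user is in \d+ groups: (.*)", msg)
        if m and "-1" in [g.strip() for g in m.group(1).split(",")]:
            findings.append((r["time"], "group list contains invalid gid -1"))
        if r["level"] == 0:  # level 0 is where the post's failure and panic appear
            findings.append((r["time"], "level 0: " + msg))
    return findings

# Constructed sample: five records copied from the log quoted in the post.
SAMPLE = (
    "[2002/10/26 13:05:04, 3] smbd/password.c:authorise_login(854) "
    "authorise_login: ACCEPTED: guest account and guest ok (gast) "
    "[2002/10/26 13:05:04, 3] smbd/sec_ctx.c:get_current_groups(172) "
    "get_current_groups: user is in 1 groups: 514 "
    "[2002/10/26 13:05:04, 3] smbd/sec_ctx.c:get_current_groups(172) "
    "get_current_groups: user is in 2 groups: -1, 514 "
    "[2002/10/26 13:05:04, 0] lib/util_sec.c:assert_gid(111) Failed to set "
    "gid privileges to (0,514) now set to (0,-1) uid=(0,600) "
    "[2002/10/26 13:05:04, 0] lib/util.c:smb_panic(1094) PANIC: failed to set gid")

if __name__ == "__main__":
    for when, finding in triage(parse_records(SAMPLE)):
        print(when, finding)
```
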
