Hi there ...
I have a problem with my tdb-database after I've migrated from
Debian-Samba-3.2.5-4lenny6 to Samba-3.2.5-4lenny7.
All the old directories /etc/samba with the smb.conf and /var/lib/samba with
the tdb-database has been hold.
Now I've inexplicable effects with my tdb-database.
- I cannot list my admin - user, which is the domain-administrator, in my
passwd.tdb.
- I cannot attach any longer WindowsWorkstations to my domain.
1.) My samba-version:
myserver1:~# apt-cache policy samba
samba:
Installiert: 2:3.2.5-4lenny7
2.)Problem with pdbedit -L :
myserver1:~# pdbedit -L | grep admin
myserver1:~#
You see, there is nothing....
3.) But pdbedit -u admin -v is successful:
myserver1:/etc/samba# pdbedit -u admin -v
Unix username: admin
NT username:
Account Flags: [U ]
User SID: S-1-5-21-1656000120-2433418590-619812953-500
Primary Group SID: S-1-5-21-1656000120-2433418590-619812953-513
Full Name:
Home Directory: \\myserver1\admin\win
HomeDir Drive: U:
Logon Script: logon.cmd
Profile Path: \\myserver1\profiles\admin
Domain: MYDOMAIN
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: never
Kickoff time: 0
Password last set: Mi, 06 Aug 2008 10:19:23 CEST
Password can change: Mi, 06 Aug 2008 10:19:23 CEST
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
4.) Samba group-mapping:
myserver1:/etc/samba# net groupmap list
Domain Admins (S-1-5-21-1656000120-2433418590-619812953-512) -> domadmins
5.) real Unix-group:
myserver1:/etc# cat group | grep domadmins
domadmins:x:512:admin
6)# List rpc privileges on an Samba:
myserver1:/etc# net rpc rights list accounts -U admin -S 192.168.1.200
Enter admin's password:
BUILTIN\Print Operators
No privileges assigned
BUILTIN\Account Operators
No privileges assigned
BUILTIN\Backup Operators
No privileges assigned
BUILTIN\Server Operators
No privileges assigned
BUILTIN\Administrators
SeMachineAccountPrivilege
SeTakeOwnershipPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeRemoteShutdownPrivilege
SePrintOperatorPrivilege
SeAddUsersPrivilege
SeDiskOperatorPrivilege
Everyone
No privileges assigned
---------------------------------------------------------------------------
7.) Here are the global settings of my smb.conf:
[global]
unix charset = ISO8859-1
workgroup = MYDOMAIN
netbios aliases = myserver1
server string = %h
update encrypted = Yes
obey pam restrictions = Yes
passdb backend = tdbsam
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
add user script = /usr/sbin/adduser.sh -p -u "%u" -n "%u"
delete user script = /usr/sbin/userdel "%u"
add group script = /usr/local/bin/smbgrpadd.sh "%g"
delete group script = /usr/sbin/groupdel "%g"
add user to group script = /usr/bin/gpasswd -a "%u" "%g"
delete user from group script = /usr/bin/gpasswd -d "%u" "%g"
set primary group script = /usr/sbin/usermod -g "%g" "%u"
add machine script = /usr/sbin/addmachine.sh -u %u
logon script = logon.cmd
logon path = \\%N\profiles\%U
logon drive = U:
logon home = \\%N\%U\win
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
dns proxy = No
ldap ssl = no
panic action = /usr/share/samba/panic-action %d
invalid users = root
-----------------End of global settings --------
Does anyone have an idea what the reason of this strange behaver of my
passwd.tdb ist?
I believe, when this is fixed, the problem with the attachment of new
WindowsWorkstations to the domain will also be solved.
--
Regards
Heinz Allerberger
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
