SNIP
SID for domain SL1 is: S-1-5-21-1557386430-3227286864-500253393
SID for domain CHEMBMB is: S-1-5-21-4167008922-1292391803-4044586981
7) Users have both user and group SIDs in the form
"S-1-5-21-4167008922-1292391803-4044586981-[unique number]", which is
generated according to the rules the smbldap tools use.
You have two different domains. And the users are in CHEMBMB and the
server is a member of SL1. Why not join SL1 to CHEMBMB?
8) testparm on sl1 returns the following:
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[itadmins]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
[global]
workgroup = CHEMBMB
server string = %h server (Samba, Ubuntu)
map to guest = Bad User
obey pam restrictions = Yes
passdb backend = ldapsam:ldaps://multivac.chem.umass.edu
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
unix password sync = Yes
syslog = 255
log file = /var/log/samba/log.%m
max log size = 1000
dns proxy = No
ldap admin dn = cn=admin,dc=cns
ldap group suffix = ou=Chemistry groups
ldap suffix = ou=Chemistry,dc=cns
ldap ssl = no
ldap user suffix = ou=Chemistry users
usershare allow guests = Yes
panic action = /usr/share/samba/panic-action %d
invalid users = root
[homes]
comment = Home Directories
read only = No
browseable = No
[itadmins]
comment = Shared directory for the IT group
path = /home/itadmins
valid users = spalmer, amckenzie
read only = No
create mask = 0665
directory mask = 0775
Any advice would be appreciated -- I'm well beyond my understanding of
samba at the moment, and my understanding of samba is well beyond what
it was 48 hours ago. At the moment neither server is mission
critical,
so tests that take them temporarily off-line are possible. By early
next week things will be authenticating against the LDAP server (we've
got no choice -- the old LDAP server is failing fast), so I won't be
able to take it down for testing.
Thanks in advance,
Alex McKenzie
[email protected]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEUEARECAAYFAkvxjXAACgkQWFYfIucpZ2OA2QCY5Ah0KkHwr2QGuCF/jCGf/dDr
zwCfbXwvHr50j7vZZTuSJxLels7Izv8=
=58HV
-----END PGP SIGNATURE-----
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
