Good Morning to all,
Sorry if this is spam to some of you, not sure if this
is more technical or not...
Considering i have been fighting for a week now on this trying all
possible checks and configs out there on the net, i thought i better
come to the experts. ;o)
My last resort is to upgrade to latest samba ver which might help but i
think the bug was not fixed in this version not sure.. :o\
I have Ubuntu version 10.04
Samba ver "3.0.28a-1ubuntu4.12"
Here is the Bug/problem:
I am unable to list Domain "Local Groups" but Domain "Global Groups"
are fine in winbind. I would like to know winbind is working with
"Local Groups" first before configuring apache to authenticate to a local
group and the rest...
I have configured a Samba Member server (Nagios) to talk to a NT Domain PDC.
Here is my Samba cfg.
r...@wfmmon-gbl:/downloads# testparm -s
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
'winbind separator = +' might cause problems with group membership.
Server role: ROLE_DOMAIN_MEMBER
[global]
workgroup = NAMEOFDOMAIN
server string = %h server (Samba, Ubuntu)
security = DOMAIN
map to guest = Bad User
obey pam restrictions = Yes
password server = PDCSVR BDCSVR2 BDCSVR3_CF BDCSVR4 BDCSVR5_cf
passdb backend = tdbsam
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
unix password sync = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
name resolve order = lmhosts host wins bcast
unix extensions = No
printcap name = cups
disable spoolss = Yes
preferred master = No
local master = No
domain master = No
wins server = 192.168.0.0.1 #( not the real ip)
usershare allow guests = Yes
usershare max shares = 10
panic action = /usr/share/samba/panic-action %d
idmap uid = 1000-200000
idmap gid = 1000-200000
template shell = /bin/bash
winbind separator = +
winbind cache time = 3600
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
invalid users = root
wide links = No
r...@wfmmon-gbl:/downloads#
Domain Local group NAGMONGBL
Domain Global group Domain Users
Example:
I am able to do
****
r...@wfmmon-gbl:/downloads# wbinfo --group-info="Domain Users"
domain users:x:10004
r...@wfmmon-gbl:/downloads#
****
But NOT
****
r...@wfmmon-gbl:/downloads# wbinfo --group-info="NAGMONGBL"
Could not get info for group NAGMONGBL
r...@wfmmon-gbl:/downloads#
****
Checking error logs reveals
****
r...@wfmmon-gbl:/downloads# tail -25 /var/log/samba/log.winbindd
[2010/06/30 07:15:55, 1] nsswitch/winbindd_group.c:fill_grent_mem(365)
could not lookup membership for group sid "SIDNUMBER" in domain NAMEOFDOMAIN
(error: NT_STATUS_NO_SUCH_GROUP)
****
I am able to resolve the sid to name
****
r...@wfmmon-gbl:/downloads# wbinfo --sid-to-name="SIDNUMBER"
NAMEOFDOMAIN+nagmongbl 4
****
Additional stuff i tried with group mapping i get
the same error as above with (wbinfo --group-info="NAGMONGBL"):
nagmongbl is our local group..
BUILTIN+users is also a local group but works :o\
r...@wfmmon-gbl:/downloads# net groupmap list
nagmongbl (S-1-5-21-1420701450-S-I-D-Number) -> nagmonglb
Administrators (S-1-5-32-544) -> BUILTIN+administrators
Users (S-1-5-32-545) -> BUILTIN+users
r...@wfmmon-gbl:/downloads# getent group nagmonglb
nagmonglb:x:10770:
r...@wfmmon-gbl:/downloads# getent group nagmongbl
r...@wfmmon-gbl:/downloads#
r...@wfmmon-gbl:/downloads# getent group "BUILTIN+users"
BUILTIN+users:x:10001:administrator,iusr_svr_cf,svr$,svr3$,iwam_svvr_cf,iusr_srv_cf,iwam_svr342_cf,wfmmon-gbl$
r...@wfmmon-gbl:/downloads#
If it comes down to Samba version :
Considering Samba upgrades what would be the best approach?
to remove or install over the top of existing installation?
Thanks in advance for any input, help, direction that can
be provided here.
Regards
Mark
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
