[Samba] PDC (CentOS 5.5, Samba 3.5.6): no domain group names sent to Windows 2003 members

Sun, 12 Dec 2010 21:43:46 -0800 

Hello,

After setting up Samba 3.5.6 on CentOS 5.5 (built from sources) I have
noticed a strange problem.

Windows 2003 servers participating in this Samba domain do not receive
domain groups list when I, say, try to assign security credentials for a
file/folder. When I choose domain as source, search reveals only
technical group names and individual domain users names. No domain group
names at all.

However, if I type domain group name manually (i.e. "DOMAIN\Domain
Admins"), it is recognized and displayed correctly in security credentials.

May I ask for hints on  wherethe source of this problem can be and how
to fix it?

The PDC of smb.conf follows.

============== PDC smb.conf below
[global]
unix charset = UTF8
workgroup = DOMAIN      
netbios name = PDC
server string = Samba PDC
passdb backend =ldapsam:"ldap://10.10.10.1 ldap://10.10.10.10";
username map = /etc/samba/smbusers
interfaces = eth0 lo
bind interfaces only = yes
log level = 1
syslog = 0
log file = /var/log/samba/%m
max log size = 0
name resolve order = wins bcast hosts
time server = Yes
printcap name = CUPS
add user script = /usr/sbin/smbldap-useradd -m '%u'
delete user script = /usr/sbin/smbldap-userdel '%u'
add group script = /usr/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/sbin/smbldap-groupdel '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m '%g' '%u'
delete user from group script = /usr/sbin/smbldap-groupmod -x '%g' '%u'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
add machine script = /usr/sbin/smbldap-useradd -w '%u'
shutdown script = /var/lib/samba/scripts/shutdown.sh
abort shutdown script = /sbin/shutdown -c
logon script = %u.bat
logon drive = W:
logon home = \\%L\%u
logon path = \\%L\profiles\%u
domain logons = Yes
domain master = Yes
wins support = Yes
# peformance optimization all users stored in ldap
ldapsam:trusted = yes
ldap ssl = off
ldap suffix = dc=itelsib,dc=com
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap admin dn = cn=sambaadmin,dc=itelsib,dc=com
idmap backend = ldap://10.10.10.1
idmap uid = 10000-20000
idmap gid = 10000-20000
printer admin = root
printing = cups
============== PDC smb.conf above

Sincerely,
Konstantin

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Reply via email to