OK, thanks both four your answers. I am not using Winbind, because (I think) Winbind dows the same than configuring the ldap client on the server, as I can see with "getent passwd" and "getent group" all objects in LDAP.
> Do you use winbind? If not, you should create a local admin user: Why I can't use a domain account member of administrators group? Anyway, I added a local root account as you said. When I type: [root@sambafs1 ~]# net rpc rights grant "XXXXX.YYYYY\Administradores" SeAddUsersPrivilege -U "sambafs1\root" Enter sambafs1\root's password: Successfully granted rights. [root@sambafs1 ~]# net rpc rights list privileges SeAddUsersPrivilege -U "sambafs1\root" Enter sambafs1\root's password: SeAddUsersPrivilege: BUILTIN\Administrators Unix Group\Administradores I got "Unix Group\Administradores"; shouldn't it be "XXXXX.YYYYY\Administradores"? Regards. El día 28 de enero de 2011 14:19, TAKAHASHI Motonobu <[email protected]> escribió: > 2011/1/28 Juan Asensio Sánchez <[email protected]>: >> We have configured 2 PDC Samba (v3.0.33, sambapdc1 and sambapdc2) >> servers using LDAP (389 DS v1.2.5) as its database backend. If I run >> "net rpc user -UXXXX" from theses servers I get all groups in LDAP. >> These servers are working fine for a long time. >> >> Now I have configured a file server (not logon server, sambafs1), as a >> member of the domain served by those servers (this with v3.3.8). I >> have configured the LDAP client, so I can do "getent passwd" and >> "getent group" and I see all objects from LDAP. Next, I have >> configured Samba with this conf: > (snip) >> Next, I have joined the Samba FS in the domain, using the command "net >> rpc join -UXXXXXX", without any errors. Now, If I run "net rpc group >> -S sambafs1 -UXXXXX", I get no groups. Is this normal? As Samba can't >> see any groups, I cannot assign privileges using "net rpc rights >> grant", so users can manage shares from Windows using the add, change >> and delete share commands. > > This is an expected behavior. > > "net rpc group -S sambafs1 -UXXXXX" returns local groups defined on > sambafs1, not > domain groups. > > Recently (3.0.24 and after) no groups are defined by default. so you > should get no > (local) groups. > >> I cannot assign privileges using "net rpc rights grant" > > Do you use winbind? If not, you should create a local admin user: > > sambafs1# pdbedit -a root > > And try like: > sambafs1# net rpc rights grant DOMAINNAME\\USERNAME > SeAddUsersPrivilege -U sambafs1\\root > > --- > TAKAHASHI Motonobu <[email protected]> > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
