James MacLean wrote:

Hi Folks,

Samba-3.0.11.

. Using /etc/passwd, /etc/group, smbpasswd - everything in the PDC world seems fine.

. Using /etc/passwd, /etc/group, MySQL backend - I can join the domain but get an error about not being able to find a domain controller when I try to log in to the domain with a MySQL user. Logging in as root is ok, but likely that is because I use both mysql and smbpasswd backends.

. Using the new NSS http://fssos.sourceforge.net/ works ok if I use smbpasswd.

. Once I switch to NSVS (NSS) and MySQL, I cannot log any new users in, but if I log in as a user who originally got in by being in smbpasswd but has since been deleted from smbpasswd, I can continue to log in successfully if they exist in the MySQL.

. net rpc group info <smbpasswd user> gives all group info from /etc/group.
. net rpc group info <mysql only user> shows none of the groups they belong to regardless of their existence in /etc/passwd


Long story short... I can only get a new user logged into a PC via the domain for their first time if they have an entry in smbpasswd. After that, being in the MySQL backend appears to be enough.

I can pass along configs if needed, but since it works except for the mysql change I didn't want to confuse the problem. I don't see the NSS/NSVS being any influence, but wanted to show how the solution was meant to fit together :).

Is this a known limitation in the MySQL backend or more likely, am I setting something up incorrectly?

thanks,
JES

I am getting there :). I now have :

. The MySQL user table from examples/pdb/mysql/mysql.dump loaded from a file of users/passwords.
. The new NSS (FSSOS-NSVS) uses it to get the UID.
. Samba uses it for the MySQL backend - no smbpasswd backend.
. Using "net rpc rights" I was able to have a non-root user used to join a computer to a domain
. Log into the domain with users from the MySQL database.


The gotcha that was occurring above was that the SIDs I had been importing were not constructed from this Samba's local SID :
net getlocalsid


I then in haste had the wrong domain in the domain field, so one has to remember that :).

To change my localsid I did some drastic things :

1. rm /etc/samba/secrets.tdb
2. rm -f /var/lock/samba
3. mkdir /var/lock/samba
4. net setlocalsid <newsid>
5. Check they are ok with "net groupmap list"

But 'twas a new install so I did not mind.

I also added the administrator account -500 as described at the bottom of http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/rights.html
and mapped "Domain Users/Domain Admins/Domain guests/Administrators" to local unix accounts, which I verified with "net rpc user info <someone>" in the groups.


But I now see that the NT tool usrmgr has a problem looking at user accounts. The users all show up, but when I try to expand any I get :

The following error occurred accessing the properties of the user <user>
The stub received bad data.
The user properties can not be viewed or edited at this time.

Any advice :)?

JES
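
A pre-import check for the SID gotcha described in the message above, as an added example that is not part of the original post: it confirms that every account SID is the server's local SID plus a numeric RID before the accounts are loaded into the passdb backend. The function names, the "username SID" input layout and the sample values are assumptions constructed for illustration, and the parsed line is assumed to have the form printed by `net getlocalsid`.

```shell
#!/bin/sh
# Added example: audit account SIDs against this server's local SID.

# Pull the SID out of a line shaped like `net getlocalsid` output:
#   SID for domain EXAMPLE is: S-1-5-21-1111111111-2222222222-3333333333
parse_localsid() {
    printf '%s\n' "$1" |
        sed -n 's/^SID for domain .* is: \(S-1-5-21-[0-9]*-[0-9]*-[0-9]*\)$/\1/p'
}

# Classify one SID: prints "ok <rid>", "foreign" or "malformed".
check_sid() {
    base=$1 candidate=$2
    case $candidate in
        "$base"-*)
            rid=${candidate#"$base"-}
            case $rid in
                ''|*[!0-9]*) echo malformed ;;   # extra sub-authority or junk
                *) echo "ok $rid" ;;
            esac ;;
        S-1-5-21-*) echo foreign ;;              # built from another machine/domain SID
        *) echo malformed ;;
    esac
}

# Read "username sid" pairs on stdin, print each account that does not
# belong to the local SID, and return 1 if any were found.
audit_sids() {
    bad=0
    while read -r user sid; do
        [ -n "$user" ] || continue
        result=$(check_sid "$1" "$sid")
        case $result in
            ok*) ;;
            *) echo "$user: $sid ($result)"; bad=1 ;;
        esac
    done
    return $bad
}

# Constructed sample data; in practice the first line comes from
# `net getlocalsid` and the pairs from an export of the account table.
local_sid=$(parse_localsid 'SID for domain EXAMPLE is: S-1-5-21-1111111111-2222222222-3333333333')
audit_sids "$local_sid" <<EOF || echo "fix the SIDs listed above before importing"
alice $local_sid-1001
administrator $local_sid-500
bob S-1-5-21-4444444444-5555555555-6666666666-1002
EOF
```
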