You probably should verify...

getent group (does it enumerate groups)
net groupmap list (do your groups work and do they map to your SIDs)?

a sample group

Craig

On Wed, 2006-10-18 at 13:30 -0500, Robert Beaty wrote:
> First some information on the system set up.
> OS: CentOS 4.3
> Samba 3.0.10
> FDS 7.1
>
> Samba is acting as a PDC for our network. We have both Windows 2000 and
> Windows XP client machines. They are all joined to our domain. Everything
> "seems" to be fine except that when a user logs into a machine they cannot
> make even simple changes to settings such as folder options (i.e. view file
> extensions). Our previous set up was using Samba 2 and OpenLDAP. Users whose
> profiles and ldap entries were created under that system do not have this
> problem (these older users were converted and imported into FDS). Only the
> users which have been added since the switch have this problem. The uids
> are following the same path as previously and profiles are being copied from
> a default Windows profile directory. The users are members of the "Domain
> Users" group which has sid 513 and maps to the unix group 2513 also "Domain
> Users". The Domain Users group is under the users group on the Windows
> clients. Profile folder permissions are set to username:"Domain Users" and
> they have wrx privileges. Of course if the user is set to a local
> administrator on the machine none of these problems arise. I have even tried
> explicitly adding a single user to the users group in Windows and still the
> problem occurs. I've looked in gpedit.msc and have been unable to locate
> anything to point to the problem there. Below is a copy of smb.conf with
> certain information left out for security and such as well as a sample user
> entry from FDS and a snippet of a Windows login log from a Windows 2000
> client. I know it's a bit long but I wanted to try and get all possible
> information in the email. Let me know if I left anything out.
>
> -Robert
>
> <--------- Start smb.conf ------------>
>
> [global]
> workgroup = IPOV
> security = user
> passdb backend = ldapsam:ldap://example.ldap.server
> ldap admin dn = cn=admin users
> ldap suffix = dc=company,dc=com
> ldap user suffix = ou=Users
> ldap machine suffix = ou=Computers
> ldap group suffix = ou=Groups
>
> log file = /var/log/%m.log
> log level = 1
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>
> os level = 65
> domain logons = yes
> domain master = yes
> local master = yes
> preferred master = yes
>
> wins support = yes
>
> logon home = \\%N\homes\%U
> logon path = \\%N\profiles\%U
> logon drive = H:
>
> template shell = /bin/false
> winbind use default domain = no
>
> idmap uid = 16777216-33554431
> idmap gid = 16777216-33554431
>
> [netlogon]
> path = /mnt/data/netlogon
> read only = yes
> browsable = no
>
> [profiles]
> path = /mnt/data/profiles
> read only = no
> create mask = 0777
> directory mask = 0777
> writeable = yes
> browsable = no
> guest ok = no
>
> [homes]
> browsable = no
> writable = yes
> create mask = 0764
> directory mask = 0775
>
> <---------- End smb.conf ---------->
>
> <---------- Start example ldap entry ------------->
> dn: uid=test.user,ou=Users,dc=company ,dc=com
> modifytimestamp: 20060922201729Z
> modifiersname: admin dn
> gidNumber: 2513
> sambaPrimaryGroupSID: S- sid_here-513
> passwordgraceusertime: 0
> sambaNTPassword: removed
> sambaLMPassword: removed
> userPassword: removed
> uid: test.user
> uidNumber: 1400
> homeDirectory: /home/test.user
> loginShell: /bin/bash
> objectClass: inetOrgPerson
> objectClass: sambaSAMAccount
> objectClass: posixAccount
> objectClass: organizationalPerson
> objectClass: top
> objectClass: person
> cn: Test User
> sn: User
> gecos: Test User
> description: Test User
> displayName: Test User
> mail: [EMAIL PROTECTED]
> sambaSID: S- sid_here-3814
> sambaHomeDrive: H:
> sambaHomePath: \\ server_name\homes
> sambaProfilePath: \\server_name\profiles\test.user
> sambaLogonScript: STARTUP.BAT
> sambaLogonTime: 0
> sambaLogoffTime: 2147483647
> sambaKickoffTime: 2147483647
> sambaPwdMustChange: 2147483647
> sambaPwdCanChange: 1142535948
> sambaPasswordHistory: 0000000000000000000000000000000000000000000000000000000000000000
> sambaPwdLastSet: 1142535948
> sambaAcctFlags: [U ]
> creatorsname: cn=admin dn
> createtimestamp: 20060914135759Z
> nsuniqueid: removed
> parentid: 24
> entryid: 299
> entrydn: uid=test.user,ou=users,dc=company,dc=com
> numsubordinates: 0
> subschemasubentry: cn=schema
> hassubordinates: FALSE
> <---------- End example ldap entry ------------>
>
> <----------- Start Windows login log ---------------->
> USERENV(bc.a4) 11:09:27:921 CopyProfileDirectoryEx: Setting Directory TimeStamps all Directories
> USERENV(bc.a4) 11:09:27:953 CopyProfileDirectoryEx: Set times on all directories
> USERENV(bc.a4) 11:09:27:953 CopyProfileDirectoryEx: Leaving with a return value of 1
> USERENV(bc.a4) 11:09:28:000 MyRegLoadKey: Mutex released. Returning 0.
> USERENV(bc.a4) 11:09:28:015 MyRegLoadKey: Mutex released. Returning 0.
> USERENV(bc.a4) 11:09:28:015 CreateClassHive: existing user classes hive found
> USERENV(bc.a4) 11:09:28:015 RestoreUserProfile: About to Leave. Final Information follows:
> USERENV(bc.a4) 11:09:28:015 Profile was successfully loaded.
> USERENV(bc.a4) 11:09:28:015 lpProfile->lpRoamingProfile = <\\server_name \profiles\test.user>
> USERENV(bc.a4) 11:09:28:015 lpProfile->lpLocalProfile = <C:\Documents and Settings\test.user>
> USERENV(bc.a4) 11:09:28:015 lpProfile->dwInternalFlags = 0x10
> USERENV(bc.a4) 11:09:28:015 RestoreUserProfile: Leaving.
> USERENV(bc.a4) 11:09:28:015 GetUserGuid: Failed to get user guid with 1355.
> USERENV(bc.a4) 11:09:28:031 GetUserGuid: Failed to get user guid with 1355.
> USERENV(bc.a4) 11:09:28:031 UpgradeProfile: Entering
> USERENV(bc.a4) 11:09:28:031 UpgradeProfile: Build numbers match
> USERENV(bc.a4) 11:09:28:031 UpgradeProfile: Leaving Successfully
> USERENV(bc.a4) 11:09:28:031 LoadUserProfile: Releasing mutex.
> USERENV(bc.a4) 11:09:28:031 LoadUserProfile: Leaving with a value of 1.
> USERENV(bc.a4) 11:09:28:031 LoadUserProfile: hProfile = <0x300>
> <----------- End Windows login log ---------------->
> <http://www.ipov.net>
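The two checks suggested at the top of this reply (`getent group` and `net groupmap list`) can be cross-checked against the account's `sambaPrimaryGroupSID` and `gidNumber`. The Python below is an added example, not part of the original thread; it assumes `net groupmap list` prints lines of the form `NT name (SID) -> unix group`, and the domain SID and command output in it are constructed sample values.

```python
import re

# Assumed line format of `net groupmap list`: NT name (SID) -> unix group
MAP_RE = re.compile(r"^(?P<nt>.+?) \((?P<sid>S-[\d-]+)\) -> (?P<unix>.+)$")

# Constructed sample data; the domain SID is a placeholder, not from the thread.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
GETENT = "root:x:0:\nDomain Admins:x:2512:\nDomain Users:x:2513:test.user\n"
GROUPMAP = (f"Domain Admins ({DOMAIN_SID}-512) -> Domain Admins\n"
            f"Domain Users ({DOMAIN_SID}-513) -> Domain Users\n"
            f"Domain Guests ({DOMAIN_SID}-514) -> 2514\n")


def parse_getent(text):
    """`getent group` output (name:passwd:gid:members) -> {name: gid}."""
    groups = {}
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) >= 3 and parts[2].isdigit():
            groups[parts[0]] = int(parts[2])
    return groups


def parse_groupmap(text):
    """`net groupmap list` output -> {sid: (nt_name, unix_group)}."""
    found = (MAP_RE.match(line.strip()) for line in text.splitlines())
    return {m["sid"]: (m["nt"], m["unix"]) for m in found if m}


def check_user(primary_sid, gid_number, groupmap_text, getent_text):
    """Return the problems found for one account's primary group."""
    groups = parse_getent(getent_text)
    mappings = parse_groupmap(groupmap_text)
    problems = [f"{nt} ({sid}) maps to unresolvable Unix group {unix!r}"
                for sid, (nt, unix) in mappings.items() if unix not in groups]
    if primary_sid not in mappings:
        problems.append(f"sambaPrimaryGroupSID {primary_sid} has no group mapping")
    else:
        unix = mappings[primary_sid][1]
        if unix in groups and groups[unix] != gid_number:
            problems.append(f"gidNumber {gid_number} differs from gid "
                            f"{groups[unix]} of mapped group {unix!r}")
    return problems


if __name__ == "__main__":
    # Values mirror the posted entry: primary group RID 513, gidNumber 2513.
    for problem in check_user(f"{DOMAIN_SID}-513", 2513, GROUPMAP, GETENT):
        print("WARN:", problem)
```

On a live server, pass the captured output of the two commands in place of the `GETENT` and `GROUPMAP` samples.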
