I've gone further down the food chain in diagnosing the problem:
A net rpc join command works but wbinfo -u or wbinfo -g fails:
[EMAIL PROTECTED] samba]# net rpc join -U Administrator
Password:
Joined domain MERCURY.
[EMAIL PROTECTED] samba]# net rpc info -U Administrator
Password:
Domain Name: MERCURY
Domain SID: S-1-5-21-356471451-824197641-1237804090
Sequence number: 20543
Num users: 625
Num domain groups: 96
Num local groups: 109
[EMAIL PROTECTED] samba]# wbinfo --set-auth-user=Administrator
Password:
[EMAIL PROTECTED] samba]# wbinfo -u
Error looking up domain users
[EMAIL PROTECTED] samba]# wbinfo -g
BUILTIN\administrators
BUILTIN\users
[EMAIL PROTECTED] samba]#
I've tried removing the server from the domain and rejoining it to no avail.
The domain has a Windows ADS controller running in mixed-mode.
Please help! This is seriously impacting the network and my stress levels are
peaking! ;)
Here is the global section from our smb.conf file:
[global]
workgroup = MERCURY
server string = Network Attached Storage
security = DOMAIN
winbind use default domain = yes
encrypt passwords = Yes
password server = HCDC
winbind nested groups = yes
log file = /var/log/samba/log.%m
log level = 3
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
load printers = no
os level = 0
local master = No
dns proxy = No
wins server = 10.11.10.3
writeable = Yes
inherit acls = Yes
map to guest = Bad Uid
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael St.
Laurent
Sent: Monday, February 05, 2007 9:59 AM
To: [email protected]
Subject: RE: [Samba] Samba-3.0.23 problem
I've tried using the plus sign with no change. I also tried adding the machine
name with no result.
In other words:
@mis
+mis
@HCNAS\mis
+HCNAS\mis
Have not worked.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael St.
Laurent
Sent: Monday, February 05, 2007 9:15 AM
To: [email protected]
Subject: RE: [Samba] Samba-3.0.23 problem
Well, why would it change after a power off? No software upgrades were done.
In fact, that same server had been powered off before while still on the same
software version (samba-3.0.23c) without any problem. It was only after we
took all servers offline simultaneously that this happened.
I'll try your suggestion of course (and thank you very much!), I'm just
confused about why this happened.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Felipe Augusto
van de Wiel
Sent: Monday, February 05, 2007 5:37 AM
To: [email protected]
Subject: Re: [Samba] Samba-3.0.23 problem
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 02/04/2007 06:51 PM, Michael St. Laurent wrote:
> We had to power down all servers today for electrical maintenance in the
> building and for some reason I began having access problems related to
> the valid users lists when power was restored.
>
> The dialog from the 'Samba-3.0.23 broke my network' thread seemed as if
> it might be related even though I had not performed any software upgrade
> so I tried adding the group mappings as discussed in that thread. It
> didn't seem to help. If I remove the valid users parameter it works
> fine.
>
> The below logfile snippet shows that it's having a problem with the
> group membership aspect of the valid users list. Please note that user
> 'mikes' is most definitely a member of the unix group 'mis':
>
> looking for user mikes of domain (ANY) in netgroup mis
> [2007/02/04 12:43:17, 10] passdb/lookup_sid.c:lookup_name(64)
> lookup_name: HCNAS\mis => HCNAS (domain), mis (name)
> [2007/02/04 12:43:17, 3] smbd/sec_ctx.c:push_sec_ctx(208)
> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> [2007/02/04 12:43:17, 3] smbd/uid.c:push_conn_ctx(345)
> push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> [2007/02/04 12:43:17, 3] smbd/sec_ctx.c:set_sec_ctx(241)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2007/02/04 12:43:17, 5] auth/auth_util.c:debug_nt_user_token(448)
> NT user token: (NULL)
> [2007/02/04 12:43:17, 5] auth/auth_util.c:debug_unix_user_token(474)
> UNIX token of user 0
> Primary group is 0 and contains 0 supplementary groups
> [2007/02/04 12:43:17, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2007/02/04 12:43:17, 10] smbd/share_access.c:user_ok_token(208)
> User mikes not in 'valid users'
> [2007/02/04 12:43:17, 2] smbd/service.c:make_connection_snum(580)
> user 'mikes' (from session setup) not permitted to access this share
> (exec_share)
> [2007/02/04 12:43:17, 3] smbd/error.c:error_packet(146)
> error packet at smbd/reply.c(676) cmd=117 (SMBtconX)
> NT_STATUS_ACCESS_DENIED
>
> [EMAIL PROTECTED] samba]# groups mikes
> mikes : avante mis
> [EMAIL PROTECTED] samba]#
>
> [exec_share]
> comment = Exec Share
> path = /usr/netshare/exec_share
> writeable = Yes
> valid users = @exec, @exasst, @mis
> admin users = @mis
> force group = exec
> force create mode = 0666
> force directory mode = 0777
>
> Please help!
What happens if you try with:
valid users = +mis
Did you checked the "Release Notes" for 3.0.23b?
http://us1.samba.org/samba/history/samba-3.0.23d.html
Kind regards,
- --
Felipe Augusto van de Wiel <[EMAIL PROTECTED]>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFxzLhCj65ZxU4gPQRAsYTAKCG5tIRP3Hkz3fvRexU3pU6vZb6hgCgrDAu
dNND4PP6sa6bFAJR0aq2fAI=
=dq8E
-----END PGP SIGNATURE-----
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
