On Sat, Jan 31, 2009 at 7:16 AM, Ray Klassen <[email protected]> wrote:
> On Sat, Jan 31, 2009 at 6:44 AM, Ray Klassen <[email protected]> wrote: > > On Fri, Jan 30, 2009 at 10:27 AM, Jeremy Allison <[email protected]> wrote: > >> On Fri, Jan 30, 2009 at 12:13:45AM -0800, Ray Klassen wrote: > >>> I have a network of about 100+ users with a Samba 3.0.25 server with > >>> an LDAP backend that I configured myself (with some help). Recently I > >>> have had to add about 300 more users to my system and now I need to > >>> get a slightly less technical person to help me manage the accounts. > >>> I've been happily using smbldap-tools all of this time, but when I > >>> showed what I do to my hapless trainee, her eyes started to glaze > >>> over. So as an alternative I'd like to start using the 'User Manager > >>> for Domains' in the SRVTOOLS.EXE archive. She might find the point and > >>> click of it all more friendly. Only thing is, when I start up User > >>> Manager, I can see all the users, but I can't see the groups. So I did > >>> a bit of checking and found that nowhere are those available as a > >>> list. Not even 'net rpc group list' will give me a list, even though > >>> if I add someone to my Domain Admins group everything works correctly. > >>> At the windows workstation end I can access the groups by name, to set > >>> the permissions of a share to certain group, etc. but I can't list > >>> them as I can the users.I've checked all the files... > >>> smb.conf,ldap.conf,slapd.conf,smbldap.conf and the Groups directive > >>> matches up with the right ldap 'ou' and so on. Has anyone any > >>> pointers? > >> > >> There was a bug in earlier versions of the smbldap-tools > >> that creates groups with the wrong sid-type. I'd suggest > >> upgrading to 3.0.34 (latest 3.0.x release) and then ensuring > >> the group-type is changed in your LDAP db (I think it should be > >> type 5, rather than type 4 but this could be the other way > >> around :-). > >> > >> Jeremy. > >> > > > > > > 3.0.34 is now installed. no change. 'net rpc list groups' returns > > nothing, while 'net rpc group members <group>' returns the correct > > data > > > > tried changing the group type on a few groups. no change in behavior > there. > > > > cleaned up some error messages in my slapd.log where I assume samba > > was requesting indexes from slapd.log. just told slap.conf to index > > those attributes and the messages went away. > > > > Upping the loglevel in slapd.conf... > > > > looking at the slapd logging after a 'net rpc list groups' it > locates 57 groups and then queries the sambaSIDList attribute on each > one. (which I said earlier I wasn't set) After which it records > 'bdb_search: no candidates' and thats that... > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > did smbldap-tools get upgraded along with samba? if not, you should update them separately. if so, you will have to delete and re-create the groups in order for them to be created correctly. Another workaround would be to delete the groups and use net rpc group to re-create them. This worked for me. -wes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
