On Mon, Feb 02, 2009 at 09:16:06AM -0800, Ray Klassen wrote: > One sanitized debug lo coming up. This is not using user manager for > domains. This is with net rpc group list. > > > > What you need to do is provide a debug level 10 log of smbd > > trying to enumerate groups. > > > > Volker > > > > smbldap_search_paged: base => [ou=Groups,dc=thisdomain,dc=com], > filter => > [(&(objectclass=sambaGroupMapping)(sambaGroupType=2)(sambaSID=S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX*))],scope > => [2], pagesize => [1024] > [2009/02/02 08:41:20, 5] lib/smbldap.c:smbldap_search_ext(1182) > smbldap_search_ext: base => [ou=Groups,dc=thisdomain,dc=com], filter > => > [(&(objectclass=sambaGroupMapping)(sambaGroupType=2)(sambaSID=S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX*))], > scope => [2] > [2009/02/02 08:41:20, 3] lib/smbldap.c:smbldap_search_paged(1333) > smbldap_search_paged: search was successfull > [2009/02/02 08:41:20, 10] rpc_server/srv_samr_nt.c:_samr_query_dispinfo(1289) > samr_reply_query_dispinfo: starting group enumeration at index 0 > [2009/02/02 08:41:20, 3] smbd/sec_ctx.c:pop_sec_ctx(356) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 > [2009/02/02 08:41:20, 5] rpc_parse/parse_samr.c:init_sam_dispinfo_3(1810) > init_sam_dispinfo_3: num_entries: 0
To me this looks as if you don't have any groups in your LDAP tree under ou=Groups,dc=thisdomain,dc=com. You should be able to do the exact same search with ldapsearch: ldapsearx -x -b ou=Groups,dc=thisdomain,dc=com '(&(objectclass=sambaGroupMapping)(sambaGroupType=2)(sambaSID=S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX*))' and see what comes back. Volker
pgpDOhdYOoLeK.pgp
Description: PGP signature
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
