Re: [Samba] Samba cannot find group in ADS
Kay Obermueller wrote:

> Hello everybody,
>
> I have a Samba 3.0.7-Debian setup and joined a W2k ADS-domain.
> A User is put in SambaUsers as his primary group.
> I can create files from XP client that belong to user in SambaUsers.
> The user is successfully authenticated by samba and can access his profile.
> I want him to be able to access the share p on samba.
> Without valid users set for the share this is possible.
> If I try to limit access to SambaUsers, this group isn't found by samba
> in the domain.
>
> Shall I have a closer look on winbind?
> Who can help me have a good sunday? :)
>
> Kay
>
> testparm:
>
> # Global parameters
> [global]
>     unix charset = UTF8
>     display charset = UTF8
>     workgroup = LIHH
>     realm = LIHH.LOC
>     server string = %h server (Samba %v)
>     security = ADS
>     password server = liba.lihh.loc
>     log level = 3 passdb:5 auth:10 winbind:5
>     syslog = 0
>     log file = /var/log/samba/log.%m
>     max log size = 1000
>     domain master = No
>     dns proxy = No
>     wins server = 10.1.1.3
>     ldap ssl = no
>     panic action = /usr/share/samba/panic-action %d
>     idmap uid = 1-2
>     idmap gid = 1-2
>     template primary group = sambausers
>     template shell = /bin/bash
>     winbind separator = +
>     winbind use default domain = Yes
>
> [homes]
>     comment = Home Directories
>     create mask = 0700
>     directory mask = 0700
>     browseable = No
>
> [p]
>     comment = Documents
>     path = /home/samba/p
>     valid users = @LIHH\SambaUsers
>     read only = No
>     create mask = 0750
>
> [profiles]
>     comment = Documents
>     path = /home/samba/profiles
>     read only = No
>     create mask = 0750
>
> The groups on the DC:
>
> morgane:/etc/samba# wbinfo -g
> BUILTIN+System Operators
> BUILTIN+Replicators
> BUILTIN+Guests
> BUILTIN+Power Users
> BUILTIN+Print Operators
> BUILTIN+Administrators
> BUILTIN+Account Operators
> BUILTIN+Backup Operators
> BUILTIN+Users
> Domänencomputer
> Domänen-Gäste
> Zertifikatherausgeber
> Organisations-Admins
> Schema-Admins
> Domänencontroller
> Domänen-Benutzer
> Domänen-Admins
> Richtlinien-Ersteller-Besitzer
> DnsUpdateProxy
> SambaUsers
>
> Groupmap on samba machine:
>
> morgane:/etc/samba# net groupmap list
> System Operators (S-1-5-32-549) - -1
> Replicators (S-1-5-32-552) - -1
> Guests (S-1-5-32-546) - -1
> Domain Guests (S-1-5-21-788693271-928550680-3704065133-514) - nobody
> Power Users (S-1-5-32-547) - -1
> Print Operators (S-1-5-32-550) - -1
> Administrators (S-1-5-32-544) - -1
> Account Operators (S-1-5-32-548) - -1
> Domänen-Benutzer (S-1-5-21-788693271-928550680-3704065133-1201) - users
> Domain Admins (S-1-5-21-788693271-928550680-3704065133-512) - root
> SambaUsers (S-1-5-21-788693271-928550680-3704065133-21065) - sambausers
> Backup Operators (S-1-5-32-551) - -1
> Users (S-1-5-32-545) - -1
> Domain Users (S-1-5-21-788693271-928550680-3704065133-513) - -1
>
> The suspicious output of /var/log/samba/log.winbindd:
>
> [2004/11/14 04:28:05, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(298)
>   group LIHH\SambaUsers in domain LIHH does not exist
> [2004/11/14 04:28:06, 3] libads/ads_ldap.c:ads_sid_to_dn(222)
>   ads sid_to_dn mapped CN=Pentium,CN=Computers,DC=lihh,DC=loc
> [2004/11/14 04:28:06, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(298)
>   group LIHH\SambaUsers in domain LIHH does not exist
> [2004/11/14 04:28:14, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(298)
>   group LIHH\SambaUsers in domain LIHH does not exist
> [2004/11/14 04:28:15, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(298)
>   group LIHH\SambaUsers in domain LIHH does not exist
>
> Then of course in /var/log/samba/log.ip_number I get:
>
> [2004/11/14 04:28:15, 2] smbd/service.c:make_connection_snum(314)
>   user 'LIHH+User.Name' (from session setup) not permitted to access this share (p)
> [2004/11/14 04:28:15, 3] smbd/error.c:error_packet(129)
>   error packet at smbd/reply.c(416) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED

Hello everybody,

for my problem of not finding SambaUsers I found something odd:

grep 10032 /etc/group
sambausers:x:10032:

wbinfo -G 10032
S-1-5-32-552

net groupmap list
Replicators (S-1-5-32-552) - -1
SambaUsers (S-1-5-21-788693271-928550680-3704065133-21065) - sambausers

Somehow the unix group sambausers matches Replicators on windows instead of SambaUsers.
Why is this? Or better how to correct this?

Kay

--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
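
Added example, not part of the original thread: a Python script that cross-checks the three outputs compared in the message above (net groupmap list, /etc/group, wbinfo -G) and reports every Unix group whose gid resolves to a different SID than the group map gives. The sample data comes from the post, except the root / gid 0 entries, which are constructed; all function and variable names are this example's own.

```python
import re

# Sample data: taken from the post, except the root / gid 0 entries (constructed).
GROUPMAP_LIST = """\
Replicators (S-1-5-32-552) - -1
SambaUsers (S-1-5-21-788693271-928550680-3704065133-21065) - sambausers
Domain Admins (S-1-5-21-788693271-928550680-3704065133-512) - root
"""
ETC_GROUP = "root:x:0:\nsambausers:x:10032:\n"
# gid -> SID, i.e. the answer of `wbinfo -G <gid>` collected for each gid.
WBINFO_G = {10032: "S-1-5-32-552",
            0: "S-1-5-21-788693271-928550680-3704065133-512"}

# "NT name (SID) - unixgroup"; "->" is accepted as the separator as well.
LINE = re.compile(r"^(?P<nt>.+?) \((?P<sid>S-1-[0-9-]+)\) ->? (?P<unix>\S+)$")

def parse_groupmap(text):
    """Return {unix_group: (nt_name, sid)} for entries mapped to a Unix group."""
    mapped = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m and m["unix"] != "-1":          # -1 means no Unix group is mapped
            mapped[m["unix"]] = (m["nt"], m["sid"])
    return mapped

def parse_etc_group(text):
    """Return {group_name: gid} from /etc/group-style lines."""
    gids = {}
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) >= 3 and parts[2].isdigit():
            gids[parts[0]] = int(parts[2])
    return gids

def find_mismatches(groupmap, gids, gid_to_sid):
    """Return (unix_group, gid, groupmap_sid, winbind_sid) where the two SIDs differ.

    gid is None if the Unix group is missing from /etc/group; winbind_sid is
    None if no SID was returned for that gid.
    """
    problems = []
    for unix, (_nt, sid) in sorted(groupmap.items()):
        gid = gids.get(unix)
        seen = gid_to_sid.get(gid)
        if seen != sid:
            problems.append((unix, gid, sid, seen))
    return problems

if __name__ == "__main__":
    for row in find_mismatches(parse_groupmap(GROUPMAP_LIST),
                               parse_etc_group(ETC_GROUP), WBINFO_G):
        print("group %s gid %s: groupmap says %s, winbind says %s" % row)
```

A group that a share's valid users line depends on should never show up in this report; any row means the gid and the group map disagree about which Windows group the Unix group stands for.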
Re: [Samba] Samba cannot find group in ADS
Hello again,

I made some substantial progress in getting the groups thing to work.
In some posting from this NG I found an example with the syntax of
valid users = @ADSDOMAIN\groupname.
This doesn't work. Winbind then asks for \\ADSDOMAIN\ADSDOMAIN\groupname
so winbind -i told me.
It should be valid users = @groupname.
Of course I already tried that before also...
But then I tried winbind -n which means caching disabled and now it works!

So what's wrong with the caching?

Kay
[Samba] Samba cannot find group in ADS
Hello everybody,

I have a Samba 3.0.7-Debian setup and joined a W2k ADS-domain.
A User is put in SambaUsers as his primary group.
I can create files from XP client that belong to user in SambaUsers.
The user is successfully authenticated by samba and can access his profile.
I want him to be able to access the share p on samba.
Without valid users set for the share this is possible.
If I try to limit access to SambaUsers, this group isn't found by samba
in the domain.

Shall I have a closer look on winbind?
Who can help me have a good sunday? :)

Kay

testparm:

# Global parameters
[global]
    unix charset = UTF8
    display charset = UTF8
    workgroup = LIHH
    realm = LIHH.LOC
    server string = %h server (Samba %v)
    security = ADS
    password server = liba.lihh.loc
    log level = 3 passdb:5 auth:10 winbind:5
    syslog = 0
    log file = /var/log/samba/log.%m
    max log size = 1000
    domain master = No
    dns proxy = No
    wins server = 10.1.1.3
    ldap ssl = no
    panic action = /usr/share/samba/panic-action %d
    idmap uid = 1-2
    idmap gid = 1-2
    template primary group = sambausers
    template shell = /bin/bash
    winbind separator = +
    winbind use default domain = Yes

[homes]
    comment = Home Directories
    create mask = 0700
    directory mask = 0700
    browseable = No

[p]
    comment = Documents
    path = /home/samba/p
    valid users = @LIHH\SambaUsers
    read only = No
    create mask = 0750

[profiles]
    comment = Documents
    path = /home/samba/profiles
    read only = No
    create mask = 0750

The groups on the DC:

morgane:/etc/samba# wbinfo -g
BUILTIN+System Operators
BUILTIN+Replicators
BUILTIN+Guests
BUILTIN+Power Users
BUILTIN+Print Operators
BUILTIN+Administrators
BUILTIN+Account Operators
BUILTIN+Backup Operators
BUILTIN+Users
Domänencomputer
Domänen-Gäste
Zertifikatherausgeber
Organisations-Admins
Schema-Admins
Domänencontroller
Domänen-Benutzer
Domänen-Admins
Richtlinien-Ersteller-Besitzer
DnsUpdateProxy
SambaUsers

Groupmap on samba machine:

morgane:/etc/samba# net groupmap list
System Operators (S-1-5-32-549) - -1
Replicators (S-1-5-32-552) - -1
Guests (S-1-5-32-546) - -1
Domain Guests (S-1-5-21-788693271-928550680-3704065133-514) - nobody
Power Users (S-1-5-32-547) - -1
Print Operators (S-1-5-32-550) - -1
Administrators (S-1-5-32-544) - -1
Account Operators (S-1-5-32-548) - -1
Domänen-Benutzer (S-1-5-21-788693271-928550680-3704065133-1201) - users
Domain Admins (S-1-5-21-788693271-928550680-3704065133-512) - root
SambaUsers (S-1-5-21-788693271-928550680-3704065133-21065) - sambausers
Backup Operators (S-1-5-32-551) - -1
Users (S-1-5-32-545) - -1
Domain Users (S-1-5-21-788693271-928550680-3704065133-513) - -1

The suspicious output of /var/log/samba/log.winbindd:

[2004/11/14 04:28:05, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(298)
  group LIHH\SambaUsers in domain LIHH does not exist
[2004/11/14 04:28:06, 3] libads/ads_ldap.c:ads_sid_to_dn(222)
  ads sid_to_dn mapped CN=Pentium,CN=Computers,DC=lihh,DC=loc
[2004/11/14 04:28:06, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(298)
  group LIHH\SambaUsers in domain LIHH does not exist
[2004/11/14 04:28:14, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(298)
  group LIHH\SambaUsers in domain LIHH does not exist
[2004/11/14 04:28:15, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(298)
  group LIHH\SambaUsers in domain LIHH does not exist

Then of course in /var/log/samba/log.ip_number I get:

[2004/11/14 04:28:15, 2] smbd/service.c:make_connection_snum(314)
  user 'LIHH+User.Name' (from session setup) not permitted to access this share (p)
[2004/11/14 04:28:15, 3] smbd/error.c:error_packet(129)
  error packet at smbd/reply.c(416) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED