I have a problem using ntconfig.pol-policies for domain groups other than "Domain Users" and "Domain Admins".
I am using Samba 2.2.7 with LDAP support as a PDC.
Policies work as expected for "Domain Users" and "Domain Admins" but setting policies for any other group doesn't work.
The "Browse"-list for AddGroups in poledit only shows the two groups "Domain Users" and "Domain Admins", other groups that I've set up, are not found in poledit. (Sniffing the wire using Ethereal shows that the Samba-Server only returns information about those two groups, see below...)
When I enter the name of a group like "RK_KLBG\Everyone" or "RK_KLBG\rk" manually in the Browse-window, poledit tells me that this is a local group and refuses to add this group. Entering the group as "RK_KLBG\Everyone", "Everyone", "RK_KLBG\rk" or "rk" in the text-field outside the Browse-window works but when logging in a user that is a member of those groups, the settings are ignored.
However those groups work as expected in Unix and for file permissions on the Samba-server. I've verified this behaviour on Windows 2000 and NT4.
Any help is greatly appreciated, as I'm already struggling with this problem for several months and I'm rather desperate now... :(
Some data that might help is attached below, please tell me, if you need additional informations.
Thanks in advance, --leo
---------------------------------------- Some settings from smb.conf:
workgroup = RK_KLBG netbios name = SAMBA
---------------------------------------- showgrps from the Windows 2000 Server CD produces:
V:\Admin\group-tools>showgrps
User: [RK_KLBG\smbadmin], is a member of:
SAMBA\Domain Admins SAMBA\Domain Users SAMBA\Everyone
Is it supposed to show the netbios name of the server (SAMBA\...) or the domain name (RK_KLBG\...)?
---------------------------------------- In contrast to that, groups on the linux box shows: smbadmin$ groups rk urxn Domain Admins
---------------------------------------- When clicking the Browse Button in poledit, ethereal records the following:
Frame 66 (422 bytes on wire, 422 bytes captured)
Ethernet II, Src: 00:04:76:cd:e3:e7, Dst: 00:04:75:d5:47:83
Internet Protocol, Src Addr: 192.168.60.151 (192.168.60.151), Dst Addr: 192.168.60.226 (192.168.60.226)
Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 2245 (2245), Seq: 2791153803, Ack: 4183446132, L
en: 368
NetBIOS Session Service
SMB (Server Message Block Protocol)
SMB Pipe Protocol
DCE RPC
Microsoft Security Account Manager
Operation: QueryDispinfo2 (48)
Total Size
Total Size: 64
Returned Size
Returned Size: 64
DISPLAY_INFO:
DISP_INFO:
Level: 3
Group_DispInfo Array
Count: 2
GROUP_DISPINFO_ARRAY
Referent ID: 0x00000001
Max Count: 2
Group_DispInfo
Index: 1
Rid: 512
Acct Ctrl: 0x00000007
Account Name: Domain Admins
Length: 26
Size: 26
Character Array: Domain Admins
Referent ID: 0x00000001
Max Count: 13
Offset: 0
Actual Count: 13
Account Name: Domain Admins
Account Desc: Administrators for the domain
Length: 58
Size: 58
Character Array: Administrators for the domain
Referent ID: 0x00000001
Max Count: 29
Offset: 0
Actual Count: 29
Account Desc: Administrators for the domain
Group_DispInfo
Index: 2
Rid: 513
Acct Ctrl: 0x00000007
Account Name: Domain Users
Length: 24
Size: 24
Character Array: Domain Users
Referent ID: 0x00000001
Max Count: 12
Offset: 0
Actual Count: 12
Account Name: Domain Users
Account Desc: Users in the domain
Length: 38
Size: 38
Character Array: Users in the domain
Referent ID: 0x00000001
Max Count: 19
Offset: 0
Actual Count: 19
Account Desc: Users in the domain
Return code: STATUS_SUCCESS (0x00000000)
---------------------------------------- The LDAP entries for the groups are:
# ldapsearch -x -h localhost -b 'ou=Groups,dc=rk-klbg,dc=at' 'cn=Domain Admins'
version: 2
# # filter: cn=Domain Admins # requesting: ALL #
# Domain Admins, Groups, rk-klbg, at dn: cn=Domain Admins,ou=Groups,dc=rk-klbg,dc=at objectClass: posixGroup gidNumber: 800 cn: Domain Admins description: Windows Domain Admins memberUid: administrator memberUid: smbadmin memberUid: wininst
# ldapsearch -x -h localhost -b 'ou=Groups,dc=rk-klbg,dc=at' 'cn=Domain Users'
version: 2
# # filter: cn=Domain Users # requesting: ALL #
# Domain Users, Groups, rk-klbg, at dn: cn=Domain Users,ou=Groups,dc=rk-klbg,dc=at objectClass: posixGroup gidNumber: 801 cn: Domain Users description: Windows Domain Users memberUid: testsmb
# ldapsearch -x -h localhost -b 'ou=Groups,dc=rk-klbg,dc=at' 'cn=rk' version: 2
# # filter: cn=rk # requesting: ALL #
# rk, Groups, rk-klbg, at dn: cn=rk,ou=Groups,dc=rk-klbg,dc=at objectClass: posixGroup cn: rk gidNumber: 1000 memberUid: wininst memberUid: testlongname1 memberUid: testlongname memberUid: root memberUid: smbadmin memberUid: testsmb
-- ----------------------------------------------------------------------- Alexander (Leo) Bergolth [EMAIL PROTECTED] WU-Wien - Zentrum fuer Informatikdienste http://leo.wu-wien.ac.at Computers are like air conditioners - they stop working properly when you open Windows
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
