Re: [Samba] samba groups problem

2003-12-04 Thread Sergio Pereira
I feel stupid now .. but never mind. I found the 'problem'. I forgot to
map the global groups.

cheers,

sergio




On Thu, 2003-12-04 at 14:41, Sergio Pereira wrote:
 Hi folks,
 
 I'm running samba 3.0.0-2 (binary version) on rh9 with ldapsam as
 backend. So, all my groups, users are in my ldap database and the
 authentication is working just fine. My problem is with groups, from
 windows xp pro client I'm trying to add to a local group 'Power Users'
 the global group 'Domain Users' but I can see just the users from my
 workstations (winxp pro). Checking other local groups like
 'Administrators' I can see local users as Administrator and a
 '?'+'SID'+512 (for example:
 ?S-1-5-21-3774164490-1836102861-1491414457-512) and nothing else.
 
 I've tried to add users to global group 'Domain Admins' but when logged
 on any workstation the rights don't work either. Again, I can add
 users (dom\user) with no problem but I can't do the same thing with
 global groups.
 Any idea on this??
 
 here's my smb.conf
 ---xxx---
 [global]
 workgroup = DOM.CA
 netbios name = PDC
 server string = SAMBA-LDAP
 passdb backend = ldapsam:ldap://ldap.dom.ca
 passwd program = /usr/bin/smbpasswd %u
 passwd chat = *New*SMB*password:* %n\n *Retype*new*SMB*password* %n\n
 log level = 5 ; remember to lower the log level in real life :-)
 log file = /var/log/samba/%m.log
 max log size = 0
 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
 add user script = /usr/local/sbin/smbldap-useradd.pl -w %u
 domain logons = Yes
 os level = 64
 preferred master = Yes
 domain master = Yes
 dns proxy = No
 wins support = Yes
 ldap suffix = dc=dom,dc=ca
 ldap machine suffix = dc=dom,dc=ca
 ldap user suffix = dc=dom,dc=ca
 ldap group suffix = dc=dom,dc=ca
 ldap idmap suffix = dc=dom,dc=ca
 ldap admin dn = cn=manager,dc=dom,dc=ca
 ldap ssl = start tls
 ldap passwd sync = Yes
 printing = cups
 
 [homes]
 comment = Home Directories
 read only = No
 create mask = 0664
 directory mask = 0700
 browseable = No
 
 [netlogon]
 comment = Network Logon Service
 path = /home/samba/netlogon
 guest ok = Yes
 
 [profiles]
 path = /home/samba/profiles
 read only = No
 create mask = 0600
 directory mask = 0700
 guest ok = Yes
 profile acls = Yes
 csc policy = disable
  
  ---xxx---
 
 cheers,
 
 sergio
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
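
The fix reported in the reply above (mapping the global groups) can be checked with a small script. This is an added example, not part of the original post: it reads `net groupmap list` output and prints the `net groupmap add` command for each well-known domain RID that has no mapping. The Unix group names (`domadmins`, `domusers`, `domguests`) and the sample SID are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find well-known domain groups that have no group mapping.
# Expected input is `net groupmap list` output, one mapping per line:
#   NT group name (SID) -> unix group

# rid:NT group:unix group. The Unix group names are hypothetical;
# use the posixGroup names that exist in your own directory.
WELL_KNOWN='512:Domain Admins:domadmins
513:Domain Users:domusers
514:Domain Guests:domguests'

# Constructed sample of `net groupmap list` output: only Domain Users is mapped.
SAMPLE='Domain Users (S-1-5-21-1111111111-2222222222-3333333333-513) -> domusers'

# missing_groupmaps: read `net groupmap list` output on stdin and print one
# `net groupmap add` command per well-known RID that is not mapped yet.
missing_groupmaps() {
    # Keep only the trailing RID of every domain SID (S-1-5-21-...-RID).
    mapped_rids=$(sed -n 's/^.*(S-1-5-21-[0-9-]*-\([0-9][0-9]*\)) -> .*$/\1/p')
    printf '%s\n' "$WELL_KNOWN" | while IFS=: read -r rid ntgroup unixgroup; do
        if ! printf '%s\n' "$mapped_rids" | grep -qx "$rid"; then
            printf 'net groupmap add ntgroup="%s" unixgroup=%s rid=%s type=d\n' \
                "$ntgroup" "$unixgroup" "$rid"
        fi
    done
}

# Run against the constructed sample; on a real PDC use:
#   net groupmap list | missing_groupmaps
printf '%s\n' "$SAMPLE" | missing_groupmaps
```

An unmapped group is what a Windows client displays as a bare SID with a '?' mark, as described in the quoted message. Review the printed commands before running them as root on the PDC.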


[Samba] samba-3.0.0-2 PDC + openldap - groups problem

2003-12-03 Thread Sergio Pereira
Hi folks,

I'm having a hard time with groups when using samba as pdc. All my users
and groups are stored in ldap database and my linux doesn't have users
and/or groups. All the authentication is made by ldap.
When trying to put Domain Users into Local group Power Users, I'm not
able to see the domain groups, I see just users.

From windows xp workstation I checked another local group (Users) and I
see 3 different things:
- NT AUTHORITY\ Authenticated Users
- NT AUTHORITY\ Interactive
- S-1-5-21-3664164490-1896102861-1451414487-513 (which is my Domain
Users)

the last one I see just the SID with a '?' mark.

any idea how to fix it?

cheers,

sergio





[Samba] samba 3.0.0-1 + OpenLDAP

2003-09-30 Thread Sergio Pereira
Hi All,

after so much suffering I finally have my rh9 box working with
openldap-2.0.0.27-8 and samba-3.0.0-1. I still have some problems as
follows:

1 - Once I've joined a machine to the Domain I only can logon using root
user; if I try to logon as Administrator the system tells me that
username and/or password are not correct.
2 - If I try to use the parameter 'passdb backend =
ldapsam:ldap://127.0.0.1/' the authentication doesn't work.

I've been following the
http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.html howto.

thx,

Sergio Pereira



here are my config files from rh9 box.

------
/etc/samba/smb.conf
[global]
  workgroup = ryerson.ca
  netbios name = PDC-SRV
  server string = SAMBA-LDAP PDC Server
  encrypt passwords = Yes
  passwd program = /usr/local/bin/smbldap-passwd.pl -o %u
  passwd chat = *new*password* %n\n *new*password* %n\n *successfully*
  unix password sync = Yes
  log file = /var/log/samba/%m.log
  log level = 5 
  max log size = 0
  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
  domain logons = Yes
  os level = 80
  preferred master = True
  domain master = True

  dns proxy = No
  wins support = Yes
# SAMBA-LDAP declarations
;  passdb backend = ldapsam:ldap://127.0.0.1/
  ldap suffix = dc=ryerson,dc=ca
  ldap admin dn = cn=manager,dc=example,dc=com
  ldap ssl = No
  printing = lprng
  add user script = /usr/sbin/smbldap-useradd.pl -w %u

[homes]
  comment = Home Directories
  valid users = %S
  read only = No
  create mask = 0664
  directory mask = 0775
  browseable = No
[netlogon]
  comment = Network Logon Service
  path = /home/samba/netlogon
  guest ok = Yes
[profiles]
  path = /home/samba/profiles
  writeable = yes
  browseable = no
  create mode = 0644
  directory mode = 0755
  guest ok = yes
[printers]
  comment = All Printers
  path = /var/spool/samba
  printable = Yes
  browseable = No
[tmp]
  comment = Temporary file space
  path = /tmp
  read only = No
  guest ok = Yes

xxx

here is my /etc/slapd.conf

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema

database ldbm
suffix dc=ryerson,dc=ca
directory /var/lib/ldap
rootdn cn=manager,dc=example,dc=com
rootpw {SSHA}g72uKCjmK9kSh2sg3nlb9gZwynD5rz
# index objectClass,rid,uid,uidNumber,gidNumber,memberUid eq
index objectClass,uid,uidNumber,gidNumber,memberUid eq
index cn,mail,surname,givenname eq,subinitial

---xxx---

here are the entries for Administrator and Root user:

# Administrator, Users, EXAMPLE, COM
dn: uid=Administrator,ou=Users,dc=EXAMPLE,dc=COM
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSAMAccount
cn: Administrator
sn: Administrator
uid: Administrator
uidNumber: 1002
gidNumber: 200
homeDirectory: /home//Administrator
loginShell: /bin/bash
gecos: System User
description: System User
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
displayName: System User
sambaAcctFlags: [UX]
sambaSID: S-1-5-21-4263734852-1518306851-1126385063-3004
sambaPrimaryGroupSID: S-1-5-21-4263734852-1518306851-1126385063-1401
sambaHomeDrive: U:
sambaHomePath: \\smb.example.com\homes
sambaProfilePath: \\smb.example.com\profiles\Administrator
sambaLogonScript: Administrator.cmd
sambaLMPassword: 570992575A0E7CAAC2265B23734E0DAC
sambaNTPassword: 9B0166BEA503BA881D5BAC85EB8C93FA
sambaPwdLastSet: 1064935056
userPassword:: e1NTSEF9QmFBbyt2Q2VEdGZ1Ylh4YlByL3FrYlF6TnBRaS9ud3k=

---

# root, Users, EXAMPLE, COM 
dn: uid=root,ou=Users,dc=EXAMPLE,dc=COM
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSAMAccount
cn: root
sn: root
uid: root
homeDirectory: /home//root
loginShell: /bin/bash
gecos: System User
description: System User
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
displayName: System User
sambaAcctFlags: [UX]
sambaHomeDrive: U:
sambaHomePath: \\smb.example.com\homes
sambaProfilePath: \\smb.example.com\profiles\root
sambaLogonScript: root.cmd
gidNumber: 0
sambaSID: S-1-5-21-4263734852-1518306851-1126385063-1000
sambaPrimaryGroupSID: S-1-5-21-4263734852-1518306851-1126385063-1001
uidNumber: 0
sambaLMPassword: 570992575A0E7CAAC2265B23734E0DAC
sambaNTPassword: 9B0166BEA503BA881D5BAC85EB8C93FA
sambaPwdLastSet: 1064932432
userPassword:: e1NTSEF9VnY2aEFLZFhOQ2NxSFJSMkc0K1dwcFk2a2p5MkZ4Sk0=

