I feel stupid now .. but never mind. I found the 'problem'. I forgot to map the global groups.
cheers, sergio On Thu, 2003-12-04 at 14:41, Sergio Pereira wrote: > Hi folks, > > I'm running samba 3.0.0-2 (binary version) on rh9 with ldapsam as > backend. So, all my groups, users are in my ldap database and the > authentication is working just fine. My problem is with groups, from > windows xp pro client I'm trying to add to a local group 'Power Users' > the global group 'Domain Users' but I can see just the users from my > workstations (winxp pro). Checking others local groups like > 'Administrators' I can see local users as Administrator and a > '?'+'SID'+512 (for example: > ?S-1-5-21-3774164490-1836102861-1491414457-512) and nothing else. > > I've tried to add users to global group 'Domain Admins' but when logged > on any workstation the rights doesn't work either. Again, I can add > users (dom\user) with no problem but I can't do the same thing with > global groups. > Any idea on this?? > > here's my smb.conf > ---xxx--- > [global] > workgroup = DOM.CA > netbios name = PDC > server string = SAMBA-LDAP > passdb backend = ldapsam:ldap://ldap.dom.ca > passwd program = /usr/bin/smbpasswd %u > passwd chat = *New*SMB*password:* %n\n *Retype*new*SMB*password* > %n\n > log level = 5 ; remember to lower the log level in real life :-) > log file = /var/log/samba/%m.log > max log size = 0 > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > add user script = /usr/local/sbin/smbldap-useradd.pl -w %u > domain logons = Yes > os level = 64 > preferred master = Yes > domain master = Yes > dns proxy = No > wins support = Yes > ldap suffix = dc=dom,dc=ca > ldap machine suffix = dc=dom,dc=ca > ldap user suffix = dc=dom,dc=ca > ldap group suffix = dc=dom,dc=ca > ldap idmap suffix = dc=dom,dc=ca > ldap admin dn = cn=manager,dc=dom,dc=ca > ldap ssl = start tls > ldap passwd sync = Yes > printing = cups > > [homes] > comment = Home Directories > read only = No > create mask = 0664 > directory mask = 0700 > browseable = No > > [netlogon] > comment = Network Logon Service > path = /home/samba/netlogon > guest ok = Yes > > [profiles] > path = /home/samba/profiles > read only = No > create mask = 0600 > directory mask = 0700 > guest ok = Yes > profile acls = Yes > csc policy = disable > > ---xxx--- > > cheers, > > sergio -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba