Prev: [Samba] 'nobody' account and windows dc
Next: [Samba] samba4 + OpenLDAP
From: Robert Steinmetz AIA on 15 Jul 2010 14:50
I have a small work group with a Domain Controller and 2 Member Servers.
I am upgrading everything to the Ubuntu 10.04 LTS and then to LDAP

The Domain Controller - HAMLET
Ubuntu 8.04 LTS
Samba Version 3.0.28a

Member Server -REMUS
Ubuntu 10.04 LTS
Samba Version 3.4.7

Member Server -ROMULUS
Ubuntu 10.04 LTS
Samba Version 3.4.7

The member servers are identical hardware and the operating system
configuration is very similar.

The [Globals] in the smb.conf files on the Member Servers are identical
as far as I can tell.

> [global] ROMULUS
> workgroup = ORLEANS
> server string = %h server (Samba, Ubuntu, Files)
> security = DOMAIN
> map to guest = Bad User
> obey pam restrictions = Yes
> pam password change = Yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *Enter\snew\s*\spassword:* %n\n
> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
> unix password sync = Yes
> syslog = 0
> log file = /var/log/samba/log.%m
> max log size = 1000
> local master = No
> domain master = No
> dns proxy = No
> ldap ssl = no
> usershare allow guests = Yes
> panic action = /usr/share/samba/panic-action %d
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> template shell = /bin/bash
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind use default domain = Yes
> invalid users = root
> admin users = root, administrator
> hosts allow = 192.168.1.0/255.255.255.0
> [global] REMUS
> workgroup = ORLEANS
> server string = %h server (Samba, Ubuntu, Authentication,
> Groupware)
> security = DOMAIN
> map to guest = Bad User
> obey pam restrictions = Yes
> pam password change = Yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *Enter\snew\s*\spassword:* %n\n
> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
> unix password sync = Yes
> syslog = 0
> log file = /var/log/samba/log.%m
> max log size = 1000
> dns proxy = No
> ldap ssl = no
> usershare allow guests = Yes
> panic action = /usr/share/samba/panic-action %d
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> template shell = /bin/bash
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind use default domain = Yes
> invalid users = root
> admin users = root, administrator
> hosts allow = 192.168.1.0/255.255.255.0
User mapping works as expected, all utilities return the same information.

However group mapping does not seem to work the same on both machines.

# net groupmap list returns an empty list on REMUS

On ROMULUS

# net groupmap list
Administrators (S-1-5-32-544) -> BUILTIN\administrators
Users (S-1-5-32-545) -> BUILTIN\users
#

Similarly wbinfo -g returns different results

romulus# wbinfo -g
BUILTIN\administrators
BUILTIN\users
domain users
domain admins
domain guests
romulus#

remus# wbinfo -g
domain users
domain admins
domain guests
remus#


# net rpc group -S HAMLET -U administrator
Enter administrator's password:
Domain Users
Domain Admins
Domain Guests
#

Returns the same information on both member servers.

I have checked /etc/nsswitch.conf and both appear the same
--
Rob Steinmetz
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
 | 
Pages: 1
Prev: [Samba] 'nobody' account and windows dc
Next: [Samba] samba4 + OpenLDAP