From: Mark Sheard on 30 Jun 2010 02:40

Good Morning to all,

Sorry if this is spam to some of you, not sure if this is more technical or not...

Considering I have been fighting for a week now on this, trying all possible checks and configs out there on the net, I thought I better come to the experts. ;o)

My last resort is to upgrade to latest samba ver which might help, but I think the bug was not fixed in this version, not sure.. :o\

I have Ubuntu version 10.04
Samba ver "3.0.28a-1ubuntu4.12"

Here is the Bug/problem:

I am unable to list Domain "Local Groups" but Domain "Global Groups" are fine in winbind.

I would like to know winbind is working with "Local Groups" first before configuring apache to authenticate to a local group and the rest...

I have configured a Samba Member server (Nagios) to talk to a NT Domain PDC.

Here is my Samba cfg.

root@wfmmon-GBL:/downloads# testparm -s
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
'winbind separator = +' might cause problems with group membership.
Server role: ROLE_DOMAIN_MEMBER
[global]
    workgroup = NAMEOFDOMAIN
    server string = %h server (Samba, Ubuntu)
    security = DOMAIN
    map to guest = Bad User
    obey pam restrictions = Yes
    password server = PDCSVR BDCSVR2 BDCSVR3_CF BDCSVR4 BDCSVR5_cf
    passdb backend = tdbsam
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    unix password sync = Yes
    syslog = 0
    log file = /var/log/samba/log.%m
    max log size = 1000
    name resolve order = lmhosts host wins bcast
    unix extensions = No
    printcap name = cups
    disable spoolss = Yes
    preferred master = No
    local master = No
    domain master = No
    wins server = 192.168.0.0.1 #( not the real ip)
    usershare allow guests = Yes
    usershare max shares = 10
    panic action = /usr/share/samba/panic-action %d
    idmap uid = 1000-200000
    idmap gid = 1000-200000
    template shell = /bin/bash
    winbind separator = +
    winbind cache time = 3600
    winbind enum users = Yes
    winbind enum groups = Yes
    winbind use default domain = Yes
    invalid users = root
    wide links = No
root@wfmmon-GBL:/downloads#

Domain Local group NAGMONGBL
Domain Global group Domain Users

Example: I am able to do
****
root@wfmmon-GBL:/downloads# wbinfo --group-info="Domain Users"
domain users:x:10004
root@wfmmon-GBL:/downloads#
****

But NOT
****
root@wfmmon-GBL:/downloads# wbinfo --group-info="NAGMONGBL"
Could not get info for group NAGMONGBL
root@wfmmon-GBL:/downloads#
****

Checking error logs reveals
****
root@wfmmon-GBL:/downloads# tail -25 /var/log/samba/log.winbindd
[2010/06/30 07:15:55, 1] nsswitch/winbindd_group.c:fill_grent_mem(365)
could not lookup membership for group sid "SIDNUMBER" in domain NAMEOFDOMAIN (error: NT_STATUS_NO_SUCH_GROUP)
****

I am able to resolve the sid to name
****
root@wfmmon-GBL:/downloads# wbinfo --sid-to-name="SIDNUMBER"
NAMEOFDOMAIN+nagmongbl 4
****

Additional stuff I tried with group mapping; I get the same error as above with (wbinfo --group-info="NAGMONGBL"):

nagmongbl is our local group..
BUILTIN+users is also a local group but works :o\

root@wfmmon-GBL:/downloads# net groupmap list
nagmongbl (S-1-5-21-1420701450-S-I-D-Number) -> nagmonglb
Administrators (S-1-5-32-544) -> BUILTIN+administrators
Users (S-1-5-32-545) -> BUILTIN+users
root@wfmmon-GBL:/downloads# getent group nagmonglb
nagmonglb:x:10770:
root@wfmmon-GBL:/downloads# getent group nagmongbl
root@wfmmon-GBL:/downloads#
root@wfmmon-GBL:/downloads# getent group "BUILTIN+users"
BUILTIN+users:x:10001:administrator,iusr_svr_cf,svr$,svr3$,iwam_svvr_cf,iusr_srv_cf,iwam_svr342_cf,wfmmon-gbl$
root@wfmmon-GBL:/downloads#

If it comes down to Samba version: Considering Samba upgrades, what would be the best approach? To remove or install over the top of existing installation?

Thanks in advance for any input, help, direction that can be provided here.

Regards
Mark