Hai, The debian 3.5.6 is buggy, use de 3.6.6 version from backports, fixed my problems also.
Louis >-----Oorspronkelijk bericht----- >Van: andrej.si...@gmail.com >[mailto:samba-boun...@lists.samba.org] Namens Andrej Šimko >Verzonden: vrijdag 23 november 2012 9:11 >Aan: samba@lists.samba.org >Onderwerp: [Samba] Samba PDC group list empty > >Dear samba users, > >I have very strange problem. I have Samba PDC up and running, but only >thing is missing. I cannot see any Domain Groups at all. >Here is my config: > >Debian Squeeze: >ii samba 2:3.5.6~dfsg-3squeeze8 >SMB/CIFS file, print, and login server for Unix >ii samba-common 2:3.5.6~dfsg-3squeeze8 > common >files used by both the Samba server and client >ii samba-common-bin 2:3.5.6~dfsg-3squeeze8 > common >files used by both the Samba server and client >ii samba-doc 2:3.5.6~dfsg-3squeeze8 > Samba >documentation > >/etc/samba/smb.conf >[global] >dos charset = CP852 >unix charset = UTF8 >display charset = UTF8 >workgroup = EXAMPLE >server string = %h server >map to guest = Bad User >passdb backend = ldapsam:ldap://127.0.0.1/ >pam password change = Yes >passwd program = /usr/sbin/smbldap-passwd -u %u >passwd chat = *New*password* %n\n *Retype*new*password* %n\n >*all*authentication*tokens*updated* >syslog = 0 >time server = Yes >log file = /var/log/samba/samba.log >log level = 3 >max log size = 1000 >socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 >add user script = /usr/sbin/smbldap-useradd -m %u -d /home/%u %u >delete user script = /usr/sbin/smbldap-userdel %u -r %u >add group script = /usr/sbin/smbldap-groupadd -p %g >delete group script = /usr/sbin/smbldap-groupdel %g >add user to group script = /usr/sbin/smbldap-groupmod -m %u %g >delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g >set primary group script = /usr/sbin/smbldap-usermod -g %g %u >add machine script = /usr/sbin/smbldap-useradd -w %u >logon script = logon.bat >domain logons = Yes >os level = 10 >preferred master = Yes >domain master = Yes >dns proxy = No >wins support = Yes >ldap admin dn = cn=admin,dc=example,dc=sk >ldap delete dn = Yes >ldap group suffix = ou=Groups >ldap idmap suffix = ou=Idmap >ldap machine suffix = ou=Computers >ldap suffix = dc=example,dc=sk >ldap ssl = no >ldap user suffix = ou=Users >panic action = /usr/share/samba/panic-action %d >map acl inherit = Yes >case sensitive = No >hide unreadable = Yes >map hidden = Yes >map system = Yes > >[homes] > comment = Home Directories > valid users = %S > read only = No > create mask = 0644 > directory mask = 0700 > browseable = No > path = /data/samba/homes > >[netlogon] > comment = Network Logon Service > path = /data/samba/netlogon > read only = No > guest ok = Yes > locking = No > share modes = No > >[profiles] > comment = Users profiles > path = /data/samba/profiles > read only = No > create mask = 0600 > directory mask = 0700 > hide files = /desktop.ini/ > browseable = No > >/etc/nsswitch.conf ># /etc/nsswitch.conf ># ># Example configuration of GNU Name Service Switch functionality. ># If you have the `glibc-doc-reference' and `info' packages >installed, try: ># `info libc "Name Service Switch"' for information about this file. > >passwd: compat ldap >group: compat ldap >shadow: compat ldap > >hosts: files dns >networks: files > >protocols: db files >services: db files >ethers: db files >rpc: db files > >netgroup: nis > >/etc/ldap/ldap.conf ># ># LDAP Defaults ># > ># See ldap.conf(5) for details ># This file should be world readable but not world writable. >host 127.0.0.1 >base dc=example,dc=sk >binddn cn=admin,dc=example,dc=sk >bindpw secret >bind_policy soft >pam_password exop >timelimit 15 > >nss_base_passwd ou=Users,dc=example,dc=sk >nss_base_shadow ou=Users,dc=example,dc=sk >nss_base_group ou=Groups,dc=example,dc=sk > >net getdomainsid >SID for local machine HOST is: S-1-5-21-2242576961-186067218-2214866780 >SID for domain EXAMPLE is: S-1-5-21-2390795950-2727105968-4008069955 > >net groupmap list >Domain Admins (S-1-5-21-2390795950-2727105968-4008069955-512) -> Domain >Admins >Domain Users (S-1-5-21-2390795950-2727105968-4008069955-513) >-> Domain Users >Domain Guests (S-1-5-21-2390795950-2727105968-4008069955-514) -> Domain >Guests >Domain Computers >(S-1-5-21-2390795950-2727105968-4008069955-515) -> Domain >Computers >Administrators (S-1-5-32-544) -> Administrators >Account Operators (S-1-5-32-548) -> Account Operators >Print Operators (S-1-5-32-550) -> Print Operators >Backup Operators (S-1-5-32-551) -> Backup Operators >Replicators (S-1-5-32-552) -> Replicators > > >The strange thing is, if I try on Win XP to search groups, i >see in logs: >smbldap_search_paged: base => [dc=example,dc=sk], filter => >[(&(objectclass=sambaGroupMapping)(sambaGroupType=2)(sambaSID=S >-1-5-21-2390795950-2727105968-4008069955*))],scope >=> [2], pagesize => [1024] > smbldap_search_paged: base => [dc=example,dc=sk], filter => >[(&(objectclass=sambaGroupMapping)(sambaGroupType=4)(sambaSID=S >-1-5-21-2390795950-2727105968-4008069955*))],scope >=> [2], pagesize => [1024] > smbldap_search_paged: base => [dc=example,dc=sk], filter => >[(&(objectclass=sambaGroupMapping)(sambaGroupType=4)(sambaSID=S >-1-5-32*))],scope >=> [2], pagesize => [1024] > >If I try to search in ldap with that filter, I always get zero matches. > >I also tried to use wbinfo, wbinfo -u list all my users, >wbinfo -g list is >empty. If I try getent passwd and getent group I see all my users and >groups. >Can somebody help me with this? > >Thank you! >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba