-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 08/31/2006 07:05 AM, Diarmuid Bourke escreveu: >>>On 08/28/2006 09:49 AM, Diarmuid Bourke escreveu: [...] >>>>Our Samba Groups appear to have vanished. >>>> >>>>I've verified this by trying, "net group /domain" in windows and it >>>>returns no results. Trying "net rpc group -S nuada" on our master server >>>>returns nothing either. >>>>"net rpc info" on both our master and backup return >>>> >>>>Domain Name: DIAS >>>>Domain SID: S-1-5-21-463069746-3761697030-3888642000 >>>>Sequence number: 1156762378 >>>>Num users: 63 >>>>Num domain groups: 0 >>>>Num local groups: 0 >>> >>> Try improve the debuglevel (-d) when using net, it could >>>reveal some nice information to help you out (and also help the >>>rest of us to help you). :-) > > Heres the output of "net rpc group list -d3 -S nuada" > using debug > ------------------------------ > [2006/08/31 10:26:57, 3] param/loadparm.c:lp_load(4207) > lp_load: refreshing parameters > [2006/08/31 10:26:57, 3] param/loadparm.c:init_globals(1393) > Initialising global parameters > [2006/08/31 10:26:57, 3] param/params.c:pm_process(574) > params.c:pm_process() - Processing configuration file > "/etc/samba/smb.conf" > [2006/08/31 10:26:57, 3] param/loadparm.c:do_section(3662) > Processing section "[global]" > [2006/08/31 10:26:57, 2] lib/interface.c:add_interface(81) > added interface ip=160.6.1.26 bcast=160.6.1.255 nmask=255.255.255.0 > [2006/08/31 10:26:57, 3] libsmb/namequery.c:resolve_lmhosts(855) > resolve_lmhosts: Attempting lmhosts lookup for name nuada<0x20> > [2006/08/31 10:26:57, 3] libsmb/namequery.c:resolve_wins(752) > resolve_wins: Attempting wins lookup for name nuada<0x20> > [2006/08/31 10:26:57, 3] libsmb/namequery.c:resolve_wins(755) > resolve_wins: WINS server resolution selected and no WINS servers listed. > [2006/08/31 10:26:57, 3] libsmb/namequery.c:resolve_hosts(917) > resolve_hosts: Attempting host lookup for name nuada<0x20> > Password: > [2006/08/31 10:27:02, 3] libsmb/cliconnect.c:cli_start_connection(1389) > Connecting to host=nuada > [2006/08/31 10:27:02, 3] lib/util_sock.c:open_socket_out(870) > Connecting to 160.6.1.102 at port 445 > [2006/08/31 10:27:02, 3] libsmb/cliconnect.c:cli_session_setup_spnego(710) > Doing spnego session setup (blob length=58) > [2006/08/31 10:27:02, 3] libsmb/cliconnect.c:cli_session_setup_spnego(735) > got OID=1 3 6 1 4 1 311 2 2 10 > [2006/08/31 10:27:02, 3] libsmb/cliconnect.c:cli_session_setup_spnego(744) > got principal=NONE > [2006/08/31 10:27:02, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(929) > Got challenge flags: > [2006/08/31 10:27:02, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) > Got NTLMSSP neg_flags=0x60890215 > [2006/08/31 10:27:02, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(951) > NTLMSSP: Set final flags: > [2006/08/31 10:27:02, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) > Got NTLMSSP neg_flags=0x60080215 > [2006/08/31 10:27:02, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338) > NTLMSSP Sign/Seal - Initialising with flags: > [2006/08/31 10:27:02, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) > Got NTLMSSP neg_flags=0x60080215 > [2006/08/31 10:27:03, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081) > rpc_pipe_bind: Remote machine nuada pipe \lsarpc fnum 0x7624 bind > request returned ok. > [2006/08/31 10:27:03, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081) > rpc_pipe_bind: Remote machine nuada pipe \samr fnum 0x7625 bind > request returned ok. > [2006/08/31 10:27:03, 2] utils/net.c:main(878) > return code = 0 > ----------------------- > > and for "net rpc info -d3 -S nuada" > ----------------------------- > [2006/08/31 10:28:27, 3] param/loadparm.c:lp_load(4207) > lp_load: refreshing parameters > [2006/08/31 10:28:27, 3] param/loadparm.c:init_globals(1393) > Initialising global parameters > [2006/08/31 10:28:27, 3] param/params.c:pm_process(574) > params.c:pm_process() - Processing configuration file > "/etc/samba/smb.conf" > [2006/08/31 10:28:27, 3] param/loadparm.c:do_section(3662) > Processing section "[global]" > [2006/08/31 10:28:27, 2] lib/interface.c:add_interface(81) > added interface ip=160.6.1.26 bcast=160.6.1.255 nmask=255.255.255.0 > [2006/08/31 10:28:27, 3] libsmb/namequery.c:resolve_lmhosts(855) > resolve_lmhosts: Attempting lmhosts lookup for name nuada<0x20> > [2006/08/31 10:28:27, 3] libsmb/namequery.c:resolve_wins(752) > resolve_wins: Attempting wins lookup for name nuada<0x20> > [2006/08/31 10:28:27, 3] libsmb/namequery.c:resolve_wins(755) > resolve_wins: WINS server resolution selected and no WINS servers listed. > [2006/08/31 10:28:27, 3] libsmb/namequery.c:resolve_hosts(917) > resolve_hosts: Attempting host lookup for name nuada<0x20> > [2006/08/31 10:28:27, 3] libsmb/cliconnect.c:cli_start_connection(1389) > Connecting to host=nuada > [2006/08/31 10:28:27, 3] lib/util_sock.c:open_socket_out(870) > Connecting to 160.6.1.102 at port 445 > [2006/08/31 10:28:28, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081) > rpc_pipe_bind: Remote machine nuada pipe \lsarpc fnum 0x76f4 bind > request returned ok. > [2006/08/31 10:28:28, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081) > rpc_pipe_bind: Remote machine nuada pipe \samr fnum 0x76f5 bind > request returned ok. > Domain Name: DIAS > Domain SID: S-1-5-21-463069746-3761697030-3888642000 > Sequence number: 1157016508 > Num users: 63 > Num domain groups: 0 > Num local groups: 0 > [2006/08/31 10:28:28, 2] utils/net.c:main(878) > return code = 0 > ------------------------------- > > >>>>Groups used work until recently and they exist in our ldap database. We >>>>have a primary domain controller with the master ldap database on it and >>>>a backup domain controller with a slave ldap database on it. Our version >>>>of samba is Version 3.0.23 and openldap is 2.3.24 >>> >>> Any special event between it working and non-working >>>status? Maybe a power failure, disk failure, system upgrade, >>>LDAP changes, anything... > > There was a recompile of OpenLDAP (with the same compile switches as > previous) and the associated applications (nss_ldap, lookupd).
Did you try to remap the groups using net groupmap? >>>>Trying an ldapsearch to show groups exist in ldap returns.. >>>>ldapsearch -x -b cn=geotech,ou=group,dc=cp,dc=dias,dc=ie > > *snip* > >>> So, as I understood, the group *is* there. :-) > > Yes but samba isn't seeing them.. :-( The groupmap should bring you back. ;) But, there are some changes in the Group Mapping in Samba 3.0.23, and I'm not quite sure why your groups are not being listed since you have the right parameters. http://us5.samba.org/samba/docs/man/Samba-HOWTO-Collection/groupmapping.html#id2568835 http://us5.samba.org/samba/docs/man/Samba-HOWTO-Collection/ChangeNotes.html#id2550114 >>> Could you try to check 'net groupmap' man page >>>section, it perhaps could give you more info (do not forget >>>about the debuglevel). > > Here is "net groupmap list -S nuada -d3" > ---------------------- > [2006/08/31 11:01:54, 3] param/loadparm.c:lp_load(4207) > lp_load: refreshing parameters > [2006/08/31 11:01:54, 3] param/loadparm.c:init_globals(1393) > Initialising global parameters > [2006/08/31 11:01:54, 3] param/params.c:pm_process(574) > params.c:pm_process() - Processing configuration file > "/etc/samba/smb.conf" > [2006/08/31 11:01:54, 3] param/loadparm.c:do_section(3662) > Processing section "[global]" > [2006/08/31 11:01:54, 2] lib/interface.c:add_interface(81) > added interface ip=160.6.1.26 bcast=160.6.1.255 nmask=255.255.255.0 > System Operators (S-1-5-32-549) -> -1 > Replicators (S-1-5-32-552) -> -1 > Guests (S-1-5-32-546) -> -1 > Domain Admins (S-1-5-21-1935741066-3473949400-2852468943-512) -> -1 > Domain Guests (S-1-5-21-1935741066-3473949400-2852468943-514) -> -1 > Power Users (S-1-5-32-547) -> -1 > Print Operators (S-1-5-32-550) -> -1 > Administrators (S-1-5-32-544) -> -1 > Account Operators (S-1-5-32-548) -> -1 > Domain Users (S-1-5-21-1935741066-3473949400-2852468943-513) -> -1 > Backup Operators (S-1-5-32-551) -> -1 > Users (S-1-5-32-545) -> -1 > [2006/08/31 11:01:54, 2] utils/net.c:main(878) > return code = 0 > -------------------------- > > *snip* There are no groupmaps. You should also run testparm, and increase the debuglevel a little bit more, I'm running out of options. Sorry. :-( >>> Hope this helps. >>> Kind regards, > > *snip* > Thanks again, > Diarmuid. Kind regards, - -- Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFE9wA9Cj65ZxU4gPQRAjmwAJ9MK1YOVwTC/eLAcbM0EcxqeMvLvgCgmQPq NskXoIHnFzer42gBE0oY2Vs= =Dg4d -----END PGP SIGNATURE----- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba