Hi all,
I have a Solaris 10 (update 4) box (x86) that is joined to an active
directory via samba/winbind (3.0.25c version included with Solaris
including latest patches).
The users are working fine however their group membership is not.
Users that should be members of certain groups do not seem to be: in
that if I run 'groups' and check the group member ship for my domain
account I am missing entry of some groups yet I can verify that I should
be a member of the missing groups by running 'getent group
"domain\\group name"' and seeing my domain username entered.
winbind has the following parameters set
winbind enum users = yes
winbind enum groups = yes
winbind nested groups = yes
I am at a loss as to why it picks up some groups and not others.
The name service cache deamon is not running.
wbinfo -u, -g, and -t all report correctly
Has anyone come across something similar or know how to solve this
issue?
-- smb.conf --
[global]
workgroup = NDS-UK
realm = UK.NDS.COM
server string = SCG NAS server
security = ADS
use kerberos keytab = true
;password server = ukdc2.uk.nds.com
;passdb backend = tdbsam
encrypt passwords = true
log file = /var/samba/log/log.%m
max log size = 50
load printers = No
os level = 33
domain master = No
wins proxy = Yes
wins server = 172.20.126.100, 172.18.253.100
ldap ssl = no
# winbind configuration:
;winbind separator = +
winbind enum users = yes
winbind enum groups = yes
winbind nested groups = yes
;template homedir = /samba/pchome/%D/%U
template shell = /usr/bin/bash
idmap domains = NDS-UK
idmap config NDS-UK:default = yes
idmap config NDS-UK:backend = tdb
idmap config NDS-UK:range = 10000-20000
idmap alloc backend = tdb
idmap alloc config:range = 10000-20000
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
[TSFiles]
comment = MPEG-2 transport streams
path = /zfs/internal/streams
writeable = true
;user = @"NDS-UK\\domain users"
vfs objects = zfsacl
nfs4: mode = special
;inherit permissions = true
; root prexexec = /usr/bin/snapshot_date.sh
/zfs/internal/streams
-- end smb.conf --
-- nsswitch.conf --
passwd: files winbind
group: files winbind
# You must also set up the /etc/resolv.conf file for DNS name
# server lookup. See resolv.conf(4).
hosts: files dns
# Note that IPv4 addresses are searched for in all of the ipnodes
databases
# before searching the hosts databases.
ipnodes: files dns
networks: files
protocols: files
rpc: files
ethers: files
netmasks: files
bootparams: files
publickey: files
# At present there isn't a 'files' backend for netgroup; the system
will
# figure it out pretty quickly, and won't use netgroups at all.
netgroup: files
automount: files
aliases: files
services: files
printers: user files
auth_attr: files
prof_attr: files
project: files
tnrhtp: files
tnrhdb: files
-- end nsswitch.conf --
Regards,
James
*********************************************************************************************************
This e-mail is confidential, the property of NDS Ltd and intended for the
addressee only. Any dissemination, copying or distribution of this message or
any attachments by anyone other than the intended recipient is strictly
prohibited. If you have received this message in error, please immediately
notify the [EMAIL PROTECTED] and destroy the original message. Messages sent
to and from NDS may be monitored. NDS cannot guarantee any message delivery
method is secure or error-free. Information could be intercepted, corrupted,
lost, destroyed, arrive late or incomplete, or contain viruses. We do not
accept responsibility for any errors or omissions in this message and/or
attachment that arise as a result of transmission. You should carry out your
own virus checks before opening any attachment. Any views or opinions
presented are solely those of the author and do not necessarily represent those
of NDS.
To protect the environment please do not print this e-mail unless necessary.
NDS Limited Registered office: One Heathrow Boulevard, 286 Bath Road, West
Drayton, Middlesex, UB7 0DQ, United Kingdom. A company registered in England
and Wales Registered no. 3080780 VAT no. GB 603 8808 40-00
**********************************************************************************************************
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
