On Sat, Jan 31, 2009 at 6:44 AM, Ray Klassen <rayklas...@gmail.com> wrote: > On Fri, Jan 30, 2009 at 10:27 AM, Jeremy Allison <j...@samba.org> wrote: >> On Fri, Jan 30, 2009 at 12:13:45AM -0800, Ray Klassen wrote: >>> I have a network of about 100+ users with a Samba 3.0.25 server with >>> an LDAP backend that I configured myself (with some help). Recently I >>> have had to add about 300 more users to my system and now I need to >>> get a slightly less technical person to help me manage the accounts. >>> I've been happily using smbldap-tools all of this time, but when I >>> showed what I do to my hapless trainee, her eyes started to glaze >>> over. So as an alternative I'd like to start using the 'User Manager >>> for Domains' in the SRVTOOLS.EXE archive. She might find the point and >>> click of it all more friendly. Only thing is, when I start up User >>> Manager, I can see all the users, but I can't see the groups. So I did >>> a bit of checking and found that nowhere are those available as a >>> list. Not even 'net rpc group list' will give me a list, even though >>> if I add someone to my Domain Admins group everything works correctly. >>> At the windows workstation end I can access the groups by name, to set >>> the permissions of a share to certain group, etc. but I can't list >>> them as I can the users.I've checked all the files... >>> smb.conf,ldap.conf,slapd.conf,smbldap.conf and the Groups directive >>> matches up with the right ldap 'ou' and so on. Has anyone any >>> pointers? >> >> There was a bug in earlier versions of the smbldap-tools >> that creates groups with the wrong sid-type. I'd suggest >> upgrading to 3.0.34 (latest 3.0.x release) and then ensuring >> the group-type is changed in your LDAP db (I think it should be >> type 5, rather than type 4 but this could be the other way >> around :-). >> >> Jeremy. >> > > > 3.0.34 is now installed. no change. 'net rpc list groups' returns > nothing, while 'net rpc group members <group>' returns the correct > data > > tried changing the group type on a few groups. no change in behavior there. > > cleaned up some error messages in my slapd.log where I assume samba > was requesting indexes from slapd.log. just told slap.conf to index > those attributes and the messages went away. > > Upping the loglevel in slapd.conf... >
looking at the slapd logging after a 'net rpc list groups' it locates 57 groups and then queries the sambaSIDList attribute on each one. (which I said earlier I wasn't set) After which it records 'bdb_search: no candidates' and thats that... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba