Re: [Samba] Samba+LDAP + Primary GIDs

2010-01-29 Thread Kris Lou
ldap.conf/nsswitch.conf/ldap.secrets all exist.

Something might be wrong with the set up on the PDC side - when I run "net
groupmap list" , all of my mappings correctly show up.  But when I run a
"net rpc group list" on the PDC, only 2 groups (most recently created) are
displayed.

Kris Lou
k...@themusiclink.net


On Fri, Jan 29, 2010 at 2:20 PM, Rob Shinn wrote:

> Kris Lou wrote:
>
>> PDC Results:
>> SID for local machine KIF is: S-1-5-21-1297059763-2273326489-166094
>> SID for domain MLC is: S-1-5-21-957249707-1866601452-441284377
>>
>> Openfiler Results:
>> SID for local machine VADER is: S-1-5-21-2859034502-3981372097-2611941478
>> SID for domain MLC is: S-1-5-21-957249707-1866601452-441284377
>>
>> As you can see, the domain SIDs match.
>>
>> Also, here's the global portion of the Openfiler smb.conf and an example
>> share (portions edited). About this - I can obviously edit the smb.conf, but
>> it gets overwritten by the Openfiler gui whenever changes are made.  Looking
>> at the file, I'm not understanding where the group security settings are
>> being placed.  It looks like Openfiler runs with Samba 3.2.13
>>
>
> Is nss-ldap installed on the Openfiler?  If so, is it pointing to the LDAP
> server on the Samba+LDAP machine?
>
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] Samba+LDAP + Primary GIDs

2010-01-29 Thread Rob Shinn

Kris Lou wrote:

> PDC Results:
> SID for local machine KIF is: S-1-5-21-1297059763-2273326489-166094
> SID for domain MLC is: S-1-5-21-957249707-1866601452-441284377
>
> Openfiler Results:
> SID for local machine VADER is: S-1-5-21-2859034502-3981372097-2611941478
> SID for domain MLC is: S-1-5-21-957249707-1866601452-441284377
>
> As you can see, the domain SIDs match.
>
> Also, here's the global portion of the Openfiler smb.conf and an
> example share (portions edited). About this - I can obviously edit the
> smb.conf, but it gets overwritten by the Openfiler gui whenever
> changes are made.  Looking at the file, I'm not understanding where
> the group security settings are being placed.  It looks like Openfiler
> runs with Samba 3.2.13


Is nss-ldap installed on the Openfiler?  If so, is it pointing to the 
LDAP server on the Samba+LDAP machine?




Re: [Samba] Samba+LDAP + Primary GIDs

2010-01-25 Thread Kris Lou
PDC Results:
SID for local machine KIF is: S-1-5-21-1297059763-2273326489-166094
SID for domain MLC is: S-1-5-21-957249707-1866601452-441284377

Openfiler Results:
SID for local machine VADER is: S-1-5-21-2859034502-3981372097-2611941478
SID for domain MLC is: S-1-5-21-957249707-1866601452-441284377

As you can see, the domain SIDs match.

Also, here's the global portion of the Openfiler smb.conf and an example
share (portions edited). About this - I can obviously edit the smb.conf, but
it gets overwritten by the Openfiler gui whenever changes are made.  Looking
at the file, I'm not understanding where the group security settings are
being placed.  It looks like Openfiler runs with Samba 3.2.13

# Global settings
[global]

workgroup = MLC
server string = Openfiler NAS
netbios name = VADER
wins server = pdc.ip.add.ress  //edited
password server = pdc.ip.add.ress   //edited
realm =
; interfaces = 192.168.12.2/24 192.168.13.2/24
; remote announce = 92.168.1.255 192.168.2.44
; domain logons = yes
log file = /var/log/samba/%m.log
max log size = 0
; hosts deny = all
map to guest = Bad User
guest account = ofguest
display charset = LOCALE
unix charset = UTF-8
dos charset = CP850
ldap ssl = no
ldap admin dn =  //edited
ldap suffix =  //edited
encrypt passwords = yes
security = user
passdb backend = ldapsam:ldap://pdc.ip.add.ress  //edited
ldap user suffix = ou=People
ldap group suffix = ou=Group
smb passwd file = /etc/samba/smbpasswd
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
pam password change = yes
; username map = /etc/samba/smbusers
obey pam restrictions = yes
load printers = no
domain master = no
local master = no
preferred master = no
os level = 0

[Purchasing]
comment = Purchasing Share
path = /mnt/fileshare/Purchasing/Purchasing
read only = no
writeable = yes
oplocks = yes
level2 oplocks = yes
force security mode = 0
dos filemode = yes
dos filetime resolution = yes
dos filetimes = yes
fake directory create times = yes
browseable = yes
csc policy = manual
share modes = yes
veto oplock files = /*.mdb/*.MDB/*.dbf/*.DBF/
veto files = /*:Zone.Identifier:*/
create mode = 0770
directory mode = 2770
printable = no
guest ok = no
hosts allow =  23.23.23.0/24
hosts readonly allow =
store dos attributes = yes
map acl inherit = yes
vfs objects = shadow_copy




Kris Lou
k...@themusiclink.net


On Sat, Jan 23, 2010 at 3:34 PM, Rob Shinn wrote:

>  What does your 'net getdomainsid' or 'net getlocalsid' output look like?

Re: [Samba] Samba+LDAP + Primary GIDs

2010-01-23 Thread Rob Shinn

What does your 'net getdomainsid' or 'net getlocalsid' output look like?


Re: [Samba] Samba+LDAP + Primary GIDs

2010-01-18 Thread Kris Lou
Hi Rob,

Thanks for the quick reply - Here it is (mostly with some cut and paste).

CentOS 5.4
Samba  3.2.15

dn: cn=Domain Admins,ou=Group,dc=themusiclink,dc=net
description: Netbios Domain Administrators
sambaSID: S-1-5-21-957249707-1866601452-441284377-512
sambaGroupType: 2
displayName: Domain Admins
structuralObjectClass: posixGroup
entryUUID: 1a60146c-cfad-102d-96b0-6fd9fc452718
creatorsName: cn=Manager,dc=themusiclink,dc=net
createTimestamp: 20090507234700Z
gidNumber: 512
cn: Domain Admins
userPassword:: e2NyeXB0fXg=
objectClass: posixGroup
objectClass: top
objectClass: sambaGroupMapping
memberUid:
memberUid:
memberUid:
entryCSN: 20091028001757Z#01#00#00
modifiersName: cn=Manager,dc=themusiclink,dc=net
modifyTimestamp: 20091028001757Z

dn: cn=Domain Users,ou=Group,dc=themusiclink,dc=net
description: Netbios Domain Users
sambaSID: S-1-5-21-957249707-1866601452-441284377-513
sambaGroupType: 2
displayName: Domain Users
structuralObjectClass: posixGroup
entryUUID: 1a7ebb60-cfad-102d-96b1-6fd9fc452718
creatorsName: cn=Manager,dc=themusiclink,dc=net
createTimestamp: 20090507234700Z
gidNumber: 513
cn: Domain Users
userPassword:: e2NyeXB0fXg=
objectClass: posixGroup
objectClass: top
objectClass: sambaGroupMapping
memberUid:
memberUid:
entryCSN: 20091215225639Z#01#00#00
modifiersName: cn=Manager,dc=themusiclink,dc=net
modifyTimestamp: 20091215225639Z

dn: cn=Domain Guests,ou=Group,dc=themusiclink,dc=net
description: Netbios Domain Guests Users
sambaSID: S-1-5-21-957249707-1866601452-441284377-514
sambaGroupType: 2
displayName: Domain Guests
structuralObjectClass: posixGroup
entryUUID: 1a845502-cfad-102d-96b2-6fd9fc452718
creatorsName: cn=Manager,dc=themusiclink,dc=net
createTimestamp: 20090507234700Z
objectClass: posixGroup
objectClass: top
objectClass: sambaGroupMapping
gidNumber: 514
cn: Domain Guests
userPassword:: e2NyeXB0fXg=
memberUid: design
memberUid: fedex
memberUid: infobox
memberUid: mailbox
memberUid: test
entryCSN: 20090521203023Z#02#00#00
modifiersName: cn=Manager,dc=themusiclink,dc=net
modifyTimestamp: 20090521203023Z

dn: cn=Domain Computers,ou=Group,dc=themusiclink,dc=net
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 515
cn: Domain Computers
description: Netbios Domain Computers accounts
sambaSID: S-1-5-21-957249707-1866601452-441284377-515
sambaGroupType: 2
displayName: Domain Computers
structuralObjectClass: posixGroup
entryUUID: 1a8ab492-cfad-102d-96b3-6fd9fc452718
creatorsName: cn=Manager,dc=themusiclink,dc=net
createTimestamp: 20090507234700Z
entryCSN: 20090507234700Z#04#00#00
modifiersName: cn=Manager,dc=themusiclink,dc=net
modifyTimestamp: 20090507234700Z

dn: cn=Administrators,ou=Group,dc=themusiclink,dc=net
description: Netbios Domain Members can fully administer the computer/sambaDom
 ainName
sambaSID: S-1-5-32-544
sambaGroupType: 5
displayName: Administrators
structuralObjectClass: posixGroup
entryUUID: 1a905d16-cfad-102d-96b4-6fd9fc452718
creatorsName: cn=Manager,dc=themusiclink,dc=net
createTimestamp: 20090507234700Z
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 544
cn: Administrators
userPassword:
memberUid: administrator
memberUid: root
entryCSN: 20090516003337Z#01#00#00
modifiersName: cn=Manager,dc=themusiclink,dc=net
modifyTimestamp: 20090516003337Z

dn: sambaDomainName=MLC,dc=themusiclink,dc=net
objectClass: top
objectClass: sambaDomain
objectClass: sambaUnixIdPool
sambaDomainName: MLC
sambaSID: S-1-5-21-957249707-1866601452-441284377
structuralObjectClass: sambaDomain
entryUUID: 1aab5d3c-cfad-102d-96b9-6fd9fc452718
creatorsName: cn=Manager,dc=themusiclink,dc=net
createTimestamp: 20090507234701Z
sambaLockoutThreshold: 0
sambaRefuseMachinePwdChange: 0
sambaMinPwdLength: 5
sambaLogonToChgPwd: 0
sambaForceLogoff: -1
sambaMinPwdAge: 0
sambaMaxPwdAge: -1
sambaPwdHistoryLength: 0
gidNumber: 1033
uidNumber: 1043
sambaNextRid: 1100
entryCSN: 20100104223853Z#02#00#00
modifiersName: cn=Manager,dc=themusiclink,dc=net
modifyTimestamp: 20100104223853Z

dn: cn=TML.Accounting,ou=Group,dc=themusiclink,dc=net
objectClass: posixGroup
objectClass: top
objectClass: sambaGroupMapping
cn: TML.Accounting
userPassword:: e2NyeXB0fXg=
gidNumber: 1145
structuralObjectClass: posixGroup
entryUUID: 90185732-cfad-102d-97b9-6fd9fc452718
creatorsName: cn=Manager,dc=themusiclink,dc=net
createTimestamp: 20090507235018Z
sambaSID: S-1-5-21-957249707-1866601452-441284377-1011
sambaGroupType: 2
displayName: TML Accounting
description: Domain Unix group
memberUid: mailman
memberUid: mtong
memberUid: psmith
memberUid: spatrino
memberUid: klou
memberUid: tocampo
entryCSN: 20091202193050Z#03#00#00
modifiersName: cn=Manager,dc=themusiclink,dc=net
modifyTimestamp: 20091202193050Z

dn: cn=TML.CustomerService,ou=Group,dc=themusiclink,dc=net
objectClass: posixGroup
objectClass: top
objectClass: sambaGroupMapping
cn: TML.CustomerService
userPassword:: e2NyeXB0fXg=
gidNumber: 1030
structuralObject

Re: [Samba] Samba+LDAP + Primary GIDs

2010-01-18 Thread Rob Shinn

Kris Lou wrote:

> I've checked my ldif's - the groups exist, the users exist as
> memberids, but it looks like samba is only checking the gid?

Can you post the LDIFs of your groups (you can edit out any 
incriminating evidence ;)?  Sounds like your groups are lacking correct 
sambaSID or sambaGroupType attributes.
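
The check suggested above (does every group entry carry a usable sambaSID and sambaGroupType?) can be run over an LDIF export; this is an added example, not code from the thread or from Samba. The function names, the sample LDIF and the domain SID are constructed, and the accepted sambaGroupType values (2 domain group, 4 local alias, 5 builtin) are the SID types Samba uses for group mappings.

```python
import base64

GROUP_TYPES = {"2": "domain group", "4": "local alias", "5": "builtin"}  # sambaGroupType

def parse_ldif(text):
    """Parse LDIF into [{attr: [values]}], unfolding lines and decoding base64."""
    entries, cur = [], {}
    unfolded = text.replace("\n ", "")           # a fold is newline + one space
    for line in unfolded.splitlines() + [""]:
        if not line.strip():                     # blank line ends a record
            if cur:
                entries.append(cur)
            cur = {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            if value.startswith(":"):            # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            cur.setdefault(attr.strip(), []).append(value.strip())
    return entries

def audit_groups(entries, domain_sid):
    """Return {cn: [problems]} for posixGroup entries lacking a usable mapping."""
    report = {}
    groups = [e for e in entries if "posixGroup" in e.get("objectClass", [])]
    for e in groups:
        sid = e.get("sambaSID", [""])[0]
        problems = []
        if "sambaGroupMapping" not in e["objectClass"]:
            problems.append("no sambaGroupMapping objectClass")
        if not sid:
            problems.append("missing sambaSID")
        elif not sid.startswith((domain_sid + "-", "S-1-5-32-")):
            problems.append("sambaSID not under domain or BUILTIN SID")
        if e.get("sambaGroupType", [""])[0] not in GROUP_TYPES:
            problems.append("sambaGroupType missing or invalid")
        if problems:
            report[e.get("cn", ["?"])[0]] = problems
    return report

DOMAIN_SID = "S-1-5-21-1111-2222-3333"  # constructed sample values, not the poster's
SAMPLE = """dn: cn=Sales,ou=Group,dc=example,dc=net
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: Sales
sambaSID: S-1-5-21-1111-2222-3333-3003
sambaGroupType: 2

dn: cn=Ops,ou=Group,dc=example,dc=net
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: Ops
sambaSID: S-1-5-21-9999-2222-3333-3005
"""
print(audit_groups(parse_ldif(SAMPLE), DOMAIN_SID))
```

The domain SID to pass in is the one 'net getdomainsid' reports; attribute names are matched case-sensitively here, as they appear in the LDIF posted in this thread.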
