I am running an smb ldap (idealix scripts, SUSE 9.0) PDC with a few BDCs connected via OpenVPN. This works like a charm. Now I included valid users = %S in the home share of the LDAP PDC for security reasons. Samba version is 3.04. Then I started to create a global group with usrmgr, as I did many times before. It failed several times (the created group could be seen in LDAP, but not in usrmgr). When I removed valid users = %S from the home share of the PDC, it worked again. What's the miracle about that?
Please add your smb.conf file and debug level 10 logs of the failing attempt to work with usrmgr.exe. Thanks, Volker
(In reply to comment #1)
> Please add your smb.conf file and debug level 10 logs of the failing attempt to
> work with usrmgr.exe.
>
> Thanks,
>
> Volker

Hi Volker,

the failure came up on a production system, so there's no way to go up to log level 10, and I have no more smb ldap installs right now, but here's the conf. I have no other failures with 150 Win machines, 2 BDCs and about 100 users in 3 offices connected via VPN.

[global]
interfaces = 127.0.0.1 eth0 eth0:0 eth0:1 eth0:2 eth0:3
bind interfaces only = true
name resolve order = wins bcast lmhosts host
printing = cups
printcap name = cups
load printers = yes
unix charset = ISO8859-1
display charset = ISO8859-1
wins partners = 10.10.11.2 10.10.1.1 10.10.11.1 192.168.1.2 10.10.21.2
workgroup = KOESLING
netbios name = PDC
admin users = @"Domain Admins"
guest account = nobody
server schannel = auto
server string = Samba Server %v
security = user
encrypt passwords = yes
min passwd length = 6
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
ldap passwd sync = Yes
log level = 2
syslog = 0
log file = /var/log/samba/%m.log
max log size = 100000
domain logons = Yes
os level = 255
preferred master = Yes
domain master = Yes
local master = Yes
wins support = Yes
wins proxy = Yes
dns proxy = Yes
time server = Yes
passdb backend = ldapsam:"ldap://127.0.0.1/ ldap://10.10.11.2/"
ldap admin dn = cn=Manager,dc=koesling,dc=local
ldap suffix = dc=koesling,dc=local
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
ldap ssl = no
add user script = /usr/local/sbin/smbldap-useradd.pl -a -m -P "%u"
ldap delete dn = Yes
delete user script = /usr/local/sbin/smbldap-userdel.pl -r "%u"
add machine script = /usr/local/sbin/smbldap-useradd.pl -w "%u"
add group script = /usr/local/sbin/smbldap-groupadd.pl -p "%g"
delete group script = /usr/local/sbin/smbldap-groupdel.pl "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod.pl -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod.pl -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod.pl -g "%g" "%u"
passwd program = /usr/local/sbin/smbldap-passwd.pl "%u"
utmp = Yes
host msdfs = Yes
idmap uid = 15000-20000
idmap gid = 15000-20000
remote browse sync = 10.10.1.255 10.10.11.255 192.168.99.255 192.168.98.255 10.10.21.255
remote announce = 10.10.1.1 10.10.11.1 10.10.11.2 192.168.1.2 10.10.21.2
use sendfile = Yes
shutdown script = /sbin/shutdown
abort shutdown script = /sbin/shutdown -c
socket options = TCP_NODELAY SO_KEEPALIVE SO_SNDBUF
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind cache time = 10
nt acl support = yes

[homes]
comment = Home of %U on %L
read only = No
vfs objects = vscan-clamav, netatalk, audit, recycle:repository, recycle:keeptree, recycle:versions
recycle: keeptree = yes
recycle: versions = yes
veto files = /*.eml/*.nws/riched20.dll/*.{*}/.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/.*/
hide files = /.*/DesktopFolderDB/TrashFor%m/resource.frk/
csc policy = manual
browseable = No
#this breaks usmgr on pdc never use it
# valid users = %S

[netlogon]
path = /var/lib/samba/netlogon/
read only = no
write list = @"Domain Admins"
browseable = No
csc policy = disable
locking = No
vfs objects = vscan-clamav, audit

[profiles]
path = /var/lib/samba/profiles
read only = no
create mask = 0600
directory mask = 0700
browseable = No
guest ok = Yes
profile acls = yes
csc policy = disable
vfs objects = vscan-clamav, audit

[data]
comment = data
path = /data
read only = No
guest ok = Yes
browseable = Yes
vfs objects = vscan-clamav, netatalk, audit, recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:repository = .recycle/.recycle.%u
hide files = /.recycle.*/.recycle/
veto files = /.recycle.*/.recycle/
locking = No

[chiefsdata]
comment = chiefsdata
path = /chiefsdata
read only = No
guest ok = No
browseable = No
vfs objects = vscan-clamav, netatalk, audit, recycle:repository, recycle:keeptree, recycle:versions
recycle: keeptree = yes
recycle: versions = yes
write list = @"chiefs"
read list = @"chiefs"
valid users = @"chiefs"
#locking = No

[ideal]
comment = ideal
path = /ideal
read only = No
guest ok = Yes
writeable = Yes
browseable = Yes
public = Yes
vfs objects = audit, recycle:repository, recycle:keeptree, recycle:versions
create mask = 0777
directory mask = 0777
locking = No

[toolshist]
comment = history files of tools
path = /toolshist
read only = No
guest ok = No
browseable = No
vfs objects = vscan-clamav, netatalk, audit, recycle:repository, recycle:keeptree, recycle:versions
recycle: keeptree = yes
recycle: versions = yes
write list = @"tooluser", @"Domain Admins"
read list = @"Domain Users"
#locking = No

[data-backup]
comment = data backup
path = /backup/data-backup
read only = No
guest ok = No
browseable = No
vfs objects = vscan-clamav, audit
write list = @"Domain Admins"
read list = @"Domain Admins"
valid users = @"Domain Admins"
locking = No

[print$]
comment = printer driver area
path = /var/lib/samba/drivers
browsable = yes
read only = yes
guest ok = yes
write list = @"Domain Admins"
locking = No

[printers]
comment = All Printers
path = /var/spool/samba
guest ok = Yes
printable = Yes
browseable = no
read only = No
locking = No

[pdfwriter]
comment = PDF File Generator
path = /var/spool/samba
printable = yes
guest ok = Yes
browseable = yes
default devmode = Yes
read only = No
printer admin = rruegner
locking = No

[lext630]
comment = Lexmark T630
path = /var/spool/samba
printable = yes
guest ok = Yes
browseable = yes
default devmode = Yes
read only = No
printer admin = rruegner

[oce9400]
comment = oce9400
path = /var/spool/samba
printable = yes
guest ok = Yes
browseable = yes
default devmode = Yes
read only = No
printer admin = rruegner

[dvd]
comment = server dvd
path = /media/dvd
read only = yes
guest ok = Yes
browseable = Yes
csc policy = disable
locking = no
Please retest against 3.0.11 and reopen if the bug is still present.
(In reply to comment #3)
> Please retest against 3.0.11 and reopen if the bug is still present.

Hi Jerry,

I tested it with Samba Version 3.0.9-2.1-SUSE and from there on the bug is gone. Sorry, I forgot to set it to solved for me. The setup was the same: smb ldap PDC (idealix scripts). I will test it against 3.0.11 and report if it comes up again.

Best Regards
Robert
Sorry for the same, cleaning up the database to prevent unnecessary reopens of bugs.