Bug 1510 - ldp pdc ,valid users = %S, usrmgr new groups are not shown
Status: CLOSED FIXED
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts
Version: 3.0.4
Hardware: x86 Windows 2000
Importance: P3 normal
Assigned To: Samba Bugzilla Account
QA Contact: Samba QA Contact
Reported: 2004-07-08 10:41 UTC by Robert Ruegner
Modified: 2005-08-24 10:15 UTC (History)
Description Robert Ruegner 2004-07-08 10:41:38 UTC
I am running an smb ldap (idealix scripts, suse 9.0) pdc with a few bdcs
connected via openvpn.
This works like a charm. Now I included
valid users = %S in the home share of the ldap pdc for security reasons.
Samba version is 3.04
Then I started to create a global group with usrmgr as I did many times
before.
It fails several times (the created group could be seen in ldap,
but not in usrmgr).
When I removed valid users = %S in the home share of the pdc, it works again.
What's the miracle about that?
Comment 1 Volker Lendecke 2004-07-14 07:45:49 UTC
Please add your smb.conf file and debug level 10 logs of the failing attempt to
work with usrmgr.exe.

Thanks,

Volker
Comment 2 Robert Ruegner 2004-07-14 12:27:45 UTC
(In reply to comment #1)
> Please add your smb.conf file and debug level 10 logs of the failing attempt to
> work with usrmgr.exe.
> 
> Thanks,
> 
> Volker

Hi Volker,
the failure came up on a production system, so there's no way to get
up to log level 10, and I have no more smb ldap installs right now,
but here's the conf. I have no other failures with 150 win machines,
2 bdcs and about 100 users in 3 offices connected via vpn.

[global]
   interfaces = 127.0.0.1 eth0 eth0:0 eth0:1 eth0:2 eth0:3
   bind interfaces only = true
   name resolve order = wins bcast lmhosts host 
   printing = cups
   printcap name = cups 
   load printers = yes
   unix charset = ISO8859-1
   display charset = ISO8859-1
   wins partners = 10.10.11.2 10.10.1.1 10.10.11.1 192.168.1.2 10.10.21.2
   workgroup = KOESLING
   netbios name = PDC
   admin users = @"Domain Admins"
   guest account = nobody
   server schannel = auto
   server string = Samba Server %v
   security = user
   encrypt passwords = yes
   min passwd length = 6
   passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
   ldap passwd sync = Yes
   log level = 2
   syslog = 0
   log file = /var/log/samba/%m.log
   max log size = 100000
   domain logons = Yes
   os level = 255
   preferred master = Yes
   domain master = Yes
   local master = Yes
   wins support = Yes
   wins proxy = Yes
   dns proxy = Yes
   time server = Yes
   passdb backend = ldapsam:"ldap://127.0.0.1/ ldap://10.10.11.2/"
   ldap admin dn = cn=Manager,dc=koesling,dc=local
   ldap suffix = dc=koesling,dc=local
   ldap group suffix = ou=Groups
   ldap user suffix = ou=Users
   ldap machine suffix = ou=Computers
   ldap idmap suffix = ou=Users
   ldap ssl = no
   add user script = /usr/local/sbin/smbldap-useradd.pl -a -m -P "%u"
   ldap delete dn = Yes
   delete user script = /usr/local/sbin/smbldap-userdel.pl -r "%u"
   add machine script = /usr/local/sbin/smbldap-useradd.pl -w "%u"
   add group script = /usr/local/sbin/smbldap-groupadd.pl -p "%g"
   delete group script = /usr/local/sbin/smbldap-groupdel.pl "%g"
   add user to group script = /usr/local/sbin/smbldap-groupmod.pl -m "%u" "%g"
   delete user from group script = /usr/local/sbin/smbldap-groupmod.pl -x "%u" "%g"
   set primary group script = /usr/local/sbin/smbldap-usermod.pl -g "%g" "%u"
   passwd program = /usr/local/sbin/smbldap-passwd.pl "%u"
   utmp = Yes
   host msdfs = Yes
   idmap uid = 15000-20000
   idmap gid = 15000-20000
   remote browse sync = 10.10.1.255 10.10.11.255 192.168.99.255 192.168.98.255 10.10.21.255
   remote announce = 10.10.1.1 10.10.11.1 10.10.11.2 192.168.1.2 10.10.21.2
   use sendfile = Yes
   shutdown script = /sbin/shutdown
   abort shutdown script = /sbin/shutdown -c
   socket options = TCP_NODELAY SO_KEEPALIVE SO_SNDBUF
   winbind enum users = yes
   winbind enum groups = yes
   winbind use default domain = yes
   winbind uid = 10000-20000
   winbind gid = 10000-20000
   winbind cache time = 10
   nt acl support = yes

[homes]
   comment = Home of %U on %L 
   read only = No
   vfs objects = vscan-clamav, netatalk, audit, recycle:repository, recycle:keeptree, recycle:versions
   recycle: keeptree = yes
   recycle: versions = yes
   veto files = /*.eml/*.nws/riched20.dll/*.{*}/.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/.*/
   hide files = /.*/DesktopFolderDB/TrashFor%m/resource.frk/
   csc policy = manual
   browseable = No
#this breaks usrmgr on pdc never use it
#   valid users = %S

[netlogon]
   path = /var/lib/samba/netlogon/
   read only = no
   write list = @"Domain Admins"
   browseable = No
   csc policy = disable
   locking = No 
   vfs objects = vscan-clamav, audit

[profiles]
   path = /var/lib/samba/profiles
   read only = no
   create mask = 0600
   directory mask = 0700
   browseable = No
   guest ok = Yes
   profile acls = yes
   csc policy = disable
   vfs objects = vscan-clamav, audit

[data]
   comment = data
   path = /data
   read only = No
   guest ok = Yes
   browseable = Yes
   vfs objects = vscan-clamav, netatalk, audit, recycle
   recycle:keeptree = yes
   recycle:versions = yes
   recycle:repository = .recycle/.recycle.%u
   hide files = /.recycle.*/.recycle/
   veto files = /.recycle.*/.recycle/
   locking = No

[chiefsdata]
   comment = chiefsdata
   path = /chiefsdata
   read only = No
   guest ok = No
   browseable = No
   vfs objects = vscan-clamav, netatalk, audit, recycle:repository, recycle:keeptree, recycle:versions
   recycle: keeptree = yes
   recycle: versions = yes
   write list = @"chiefs"
   read list =  @"chiefs"
   valid users = @"chiefs"
   #locking = No


[ideal]
   comment = ideal
   path = /ideal
   read only = No
   guest ok = Yes
   writeable = Yes
   browseable = Yes
   public = Yes
   vfs objects = audit, recycle:repository, recycle:keeptree, recycle:versions
   create mask = 0777
   directory mask = 0777
   locking = No

[toolshist]
   comment = history files of tools
   path = /toolshist
   read only = No
   guest ok = No
   browseable = No
   vfs objects = vscan-clamav, netatalk, audit, recycle:repository, recycle:keeptree, recycle:versions
   recycle: keeptree = yes
   recycle: versions = yes
   write list = @"tooluser", @"Domain Admins"
   read list =  @"Domain Users"
   #locking = No

[data-backup]
   comment = data backup
   path = /backup/data-backup
   read only = No
   guest ok = No
   browseable = No
   vfs objects = vscan-clamav, audit
   write list = @"Domain Admins"
   read list =  @"Domain Admins"
   valid users = @"Domain Admins"
   locking = No

[print$]
        comment = printer driver area
        path = /var/lib/samba/drivers
        browsable = yes
        read only = yes
        guest ok = yes
        write list = @"Domain Admins"  
        locking = No

[printers]
        comment = All Printers
        path = /var/spool/samba
        guest ok = Yes
        printable = Yes
        browseable = no
        read only = No
        locking = No

[pdfwriter]
        comment = PDF File Generator
        path = /var/spool/samba
        printable = yes
        guest ok = Yes
        browseable = yes
        default devmode = Yes
        read only = No
        printer admin = rruegner
        locking = No

[lext630]
        comment = Lexmark T630
        path = /var/spool/samba
        printable = yes
        guest ok = Yes
        browseable = yes
        default devmode = Yes
        read only = No
        printer admin = rruegner

[oce9400]
        comment = oce9400
        path = /var/spool/samba
        printable = yes
        guest ok = Yes
        browseable = yes
        default devmode = Yes
        read only = No
        printer admin = rruegner

[dvd]
        comment = server dvd 
        path = /media/dvd
        read only = yes
        guest ok = Yes
        browseable = Yes
        csc policy = disable
        locking = no
    
    
Comment 3 Gerald (Jerry) Carter 2005-02-08 07:22:14 UTC
please retest against 3.0.11 and reopen if the bug is still present.
Comment 4 Robert Schetterer 2005-02-08 08:44:33 UTC
(In reply to comment #3)
> please retest against 3.0.11 and reopen if the bug is still present.

Hi Jerry,
I tested it with Samba version 3.0.9-2.1-SUSE
and from there the bug is gone. Sorry, I forgot to set it to solved for me.
The setup was the same: smb ldap pdc (idealix scripts).
I will test it against 3.0.11 and report if it comes up again.
Best regards, Robert
Comment 5 Robert Schetterer 2005-02-08 08:45:35 UTC
(In reply to comment #3)
> please retest against 3.0.11 and reopen if the bug is still present.

Hi Jerry,
I tested it with Samba version 3.0.9-2.1-SUSE
and from there the bug is gone. Sorry, I forgot to set it to solved for me.
The setup was the same: smb ldap pdc (idealix scripts).
I will test it against 3.0.11 and report if it comes up again.
Best regards, Robert
Comment 6 Gerald (Jerry) Carter 2005-08-24 10:15:23 UTC
sorry for the same, cleaning up the database to prevent unnecessary reopens of bugs.