I'm running Samba 3.0.7 with LDAP backend. I've got several custom groups:

oink:~ # net groupmap list
acct_admin (S-1-5-21-725326080-1709766072-2910717368-1006) -> acct_admin
truss (S-1-5-21-725326080-1709766072-2910717368-1005) -> truss
hr (S-1-5-21-725326080-1709766072-2910717368-1004) -> hr
furniture (S-1-5-21-725326080-1709766072-2910717368-1003) -> furniture
dutch (S-1-5-21-725326080-1709766072-2910717368-1002) -> dutch
Domain Admins (S-1-5-21-725326080-1709766072-2910717368-512) -> Domain Admins
Domain Users (S-1-5-21-725326080-1709766072-2910717368-513) -> Domain Users
Domain Guests (S-1-5-21-725326080-1709766072-2910717368-514) -> Domain Guests
Print Operators (S-1-5-32-550) -> Print Operators
Backup Operators (S-1-5-32-551) -> Backup Operators
Replicators (S-1-5-32-552) -> Replicators
Workgroup Computers (S-1-5-21-725326080-1709766072-2910717368-515) -> Workgroup Computers
Administrators (S-1-5-32-544) -> Administrators
acct (S-1-5-21-725326080-1709766072-2910717368-1007) -> acct
receptionist (S-1-5-21-725326080-1709766072-2910717368-1008) -> receptionist
engr (S-1-5-21-725326080-1709766072-2910717368-1001) -> engr

If I run "net rpc group members <groupname>" on some groups, I get a different (incorrect) result when I run as root, but I get the correct result if I run as another user. The interesting thing is, if root has been a member in the past but was taken out, I get incorrect results like the first two below. If root has never been a member, I get correct results like the third item below.
oink:~ # net rpc group members engr
Password:
CORP1\root

oink:~ # net rpc group members acct
Password:
CORP1\root

oink:~ # net rpc group members hr
Password:
CORP1\cheri
CORP1\carl

If I run the same commands as a non-privileged user, I get correct results all the way around:

misty@oink:~> net rpc group members engr
Password:
CORP1\pat
CORP1\chuck
CORP1\jeremy
CORP1\jerry
CORP1\paul
CORP1\roger
CORP1\todd

misty@oink:~> net rpc group members acct
Password:
CORP1\brandon
CORP1\carl
CORP1\lorene
CORP1\angie
CORP1\chad
CORP1\cheri

misty@oink:~> net rpc group members hr
Password:
CORP1\cheri
CORP1\carl

Here is some further data:

misty@oink:~> net rpc user info root
Password:
Domain Admins
Domain Users

oink:~ # smbldap-usershow root
dn: cn=root,ou=people,dc=borkholder,dc=com
objectClass: account,posixAccount,top,sambaSamAccount
cn: root
uid: root
uidNumber: 0
gidNumber: 0
loginShell: /bin/bash
homeDirectory: /root
displayName: root
sambaPwdCanChange: 1095966471
sambaPwdMustChange: 2147483647
sambaLMPassword: 9B3390AB6FD22782AAD3B435B51404EE
sambaNTPassword: 6F0F56FE06D5EFFDE700A23B9A944678
sambaPasswordHistory: 0000000000000000000000000000000000000000000000000000000000000000
sambaPwdLastSet: 1095966471
sambaAcctFlags: [U ]
userPassword: {SSHA}KeQmB88xtBT1lxXzLsG30CSVHIPD+VE2
sambaSID: S-1-5-21-725326080-1709766072-2910717368-500
sambaPrimaryGroupSID: S-1-5-21-725326080-1709766072-2910717368-512

oink:~ # smbldap-groupshow engr
dn: cn=engr,ou=groups,dc=borkholder,dc=com
cn: engr
gidNumber: 1001
displayName: engr
sambaGroupType: 2
objectClass: top,posixGroup,sambaGroupMapping
sambaSID: S-1-5-21-725326080-1709766072-2910717368-1001
memberUid: pat,chuck,jeremy,jerry,paul,roger,todd

This would not be a major issue I guess, except that I have logon scripts that are based on group membership. These logon scripts get run correctly for everyone but root.
[2004/10/15 11:11:09, 5] lib/util_sock.c:print_socket_options(147)
  socket option SO_KEEPALIVE = 1
[2004/10/15 11:11:09, 5] lib/util_sock.c:print_socket_options(147)
  socket option SO_REUSEADDR = 1
[2004/10/15 11:11:09, 5] lib/util_sock.c:print_socket_options(147)
  socket option SO_BROADCAST = 0
[2004/10/15 11:11:09, 5] lib/util_sock.c:print_socket_options(147)
  socket option TCP_NODELAY = 1
[2004/10/15 11:11:09, 5] lib/util_sock.c:print_socket_options(147)
  socket option IPTOS_LOWDELAY = 0
[2004/10/15 11:11:09, 5] lib/util_sock.c:print_socket_options(147)
  socket option IPTOS_THROUGHPUT = 0
[2004/10/15 11:11:09, 5] lib/util_sock.c:print_socket_options(147)
  socket option SO_SNDBUF = 16384
[2004/10/15 11:11:09, 5] lib/util_sock.c:print_socket_options(147)
  socket option SO_RCVBUF = 16384
[2004/10/15 11:11:09, 5] lib/util_sock.c:print_socket_options(147)
  socket option SO_SNDLOWAT = 1
[2004/10/15 11:11:09, 5] lib/util_sock.c:print_socket_options(147)
  socket option SO_RCVLOWAT = 1
[2004/10/15 11:11:09, 5] lib/util_sock.c:print_socket_options(147)
  socket option SO_SNDTIMEO = 0
[2004/10/15 11:11:09, 5] lib/util_sock.c:print_socket_options(147)
  socket option SO_RCVTIMEO = 0
[2004/10/15 11:11:09, 5] lib/util_sock.c:print_socket_options(147)
  socket option SO_KEEPALIVE = 1
[2004/10/15 11:11:09, 5] lib/util_sock.c:print_socket_options(147)
  socket option SO_REUSEADDR = 1
[2004/10/15 11:11:09, 5] lib/util_sock.c:print_socket_options(147)
  socket option SO_BROADCAST = 0
[2004/10/15 11:11:09, 5] lib/util_sock.c:print_socket_options(147)
  socket option TCP_NODELAY = 1
[2004/10/15 11:11:09, 5] lib/util_sock.c:print_socket_options(147)
  socket option IPTOS_LOWDELAY = 0
[2004/10/15 11:11:09, 5] lib/util_sock.c:print_socket_options(147)
  socket option IPTOS_THROUGHPUT = 0
[2004/10/15 11:11:09, 5] lib/util_sock.c:print_socket_options(147)
  socket option SO_SNDBUF = 16384
[2004/10/15 11:11:09, 5] lib/util_sock.c:print_socket_options(147)
  socket option SO_RCVBUF = 16384
[2004/10/15 11:11:09, 5] lib/util_sock.c:print_socket_options(147)
  socket option SO_SNDLOWAT = 1
[2004/10/15 11:11:09, 5] lib/util_sock.c:print_socket_options(147)
  socket option SO_RCVLOWAT = 1
[2004/10/15 11:11:09, 5] lib/util_sock.c:print_socket_options(147)
  socket option SO_SNDTIMEO = 0
[2004/10/15 11:11:09, 5] lib/util_sock.c:print_socket_options(147)
  socket option SO_RCVTIMEO = 0
[2004/10/15 11:11:09, 5] passdb/pdb_interface.c:make_pdb_context_list(763)
  Trying to load: ldapsam:ldap://localhost
[2004/10/15 11:11:09, 5] passdb/pdb_interface.c:smb_register_passdb(93)
  Attempting to register passdb backend ldapsam
[2004/10/15 11:11:09, 5] passdb/pdb_interface.c:smb_register_passdb(106)
  Successfully added passdb backend 'ldapsam'
[2004/10/15 11:11:09, 5] passdb/pdb_interface.c:smb_register_passdb(93)
  Attempting to register passdb backend ldapsam_compat
[2004/10/15 11:11:09, 5] passdb/pdb_interface.c:smb_register_passdb(106)
  Successfully added passdb backend 'ldapsam_compat'
[2004/10/15 11:11:09, 5] passdb/pdb_interface.c:smb_register_passdb(93)
  Attempting to register passdb backend smbpasswd
[2004/10/15 11:11:09, 5] passdb/pdb_interface.c:smb_register_passdb(106)
  Successfully added passdb backend 'smbpasswd'
[2004/10/15 11:11:09, 5] passdb/pdb_interface.c:smb_register_passdb(93)
  Attempting to register passdb backend tdbsam
[2004/10/15 11:11:09, 5] passdb/pdb_interface.c:smb_register_passdb(106)
  Successfully added passdb backend 'tdbsam'
[2004/10/15 11:11:09, 5] passdb/pdb_interface.c:smb_register_passdb(93)
  Attempting to register passdb backend guest
[2004/10/15 11:11:09, 5] passdb/pdb_interface.c:smb_register_passdb(106)
  Successfully added passdb backend 'guest'
[2004/10/15 11:11:09, 5] passdb/pdb_interface.c:make_pdb_methods_name(648)
  Attempting to find an passdb backend to match ldapsam:ldap://localhost (ldapsam)
[2004/10/15 11:11:09, 5] passdb/pdb_interface.c:make_pdb_methods_name(669)
  Found pdb backend ldapsam
[2004/10/15 11:11:09, 2] lib/smbldap.c:smbldap_search_domain_info(1319)
  Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=CORP1))]
[2004/10/15 11:11:09, 5] lib/smbldap.c:smbldap_search(963)
  smbldap_search: base => [dc=borkholder,dc=com], filter => [(&(objectClass=sambaDomain)(sambaDomainName=CORP1))], scope => [2]
[2004/10/15 11:11:09, 10] lib/smbldap.c:smbldap_open_connection(542)
  smbldap_open_connection: ldap://localhost
[2004/10/15 11:11:09, 2] lib/smbldap.c:smbldap_open_connection(638)
  smbldap_open_connection: connection opened
[2004/10/15 11:11:09, 10] lib/smbldap.c:smbldap_connect_system(769)
  ldap_connect_system: Binding to ldap server ldap://localhost as "cn=Manager,dc=borkholder,dc=com"
[2004/10/15 11:11:09, 3] lib/smbldap.c:smbldap_connect_system(804)
  ldap_connect_system: succesful connection to the LDAP server
[2004/10/15 11:11:09, 4] lib/smbldap.c:smbldap_open(855)
  The LDAP server is succesfully connected
[2004/10/15 11:11:09, 5] passdb/pdb_interface.c:make_pdb_methods_name(672)
  pdb backend ldapsam:ldap://localhost has a valid init
[2004/10/15 11:11:09, 5] passdb/pdb_interface.c:make_pdb_methods_name(648)
  Attempting to find an passdb backend to match guest (guest)
[2004/10/15 11:11:09, 5] passdb/pdb_interface.c:make_pdb_methods_name(669)
  Found pdb backend guest
[2004/10/15 11:11:09, 5] passdb/pdb_interface.c:make_pdb_methods_name(672)
  pdb backend guest has a valid init
The problem goes away when I map gid=0 to SID=Domain Admins. I don't know if this is a bug or not.
This was a config error and I forgot to come back and close it.
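
Added example, not part of the thread and not Samba or smbldap-tools code: a consistency check for the condition the reporter says made the problem go away, namely a user whose Unix primary gid (gid 0 for root) has no group mapping. The records are constructed in the "attribute: value" layout shown above; the "pat" user entry and the "Domain Admins" group entry are hypothetical, and the function names are this example's own.

```python
DOMAIN = "S-1-5-21-725326080-1709766072-2910717368"

# Constructed sample: root and engr use values from the report; the gidNumber
# and primary group SID given for "pat" are hypothetical.
BEFORE = f"""\
uid: root
gidNumber: 0
sambaPrimaryGroupSID: {DOMAIN}-512

uid: pat
gidNumber: 1001
sambaPrimaryGroupSID: {DOMAIN}-1001

cn: engr
gidNumber: 1001
sambaGroupType: 2
sambaSID: {DOMAIN}-1001
"""

# Hypothetical group entry for the state the reporter describes as working:
# gid 0 mapped to the Domain Admins SID.
AFTER = BEFORE + f"""
cn: Domain Admins
gidNumber: 0
sambaGroupType: 2
sambaSID: {DOMAIN}-512
"""

def parse_entries(text):
    """Split blank-line-separated records into attribute dictionaries."""
    entries = []
    for block in text.strip().split("\n\n"):
        pairs = (line.partition(": ") for line in block.splitlines())
        entries.append({k.strip(): v.strip() for k, sep, v in pairs if sep})
    return entries

def check_primary_groups(entries):
    """Return (uid, gidNumber, problem) for users whose Unix primary gid has
    no group mapping, or one whose SID differs from sambaPrimaryGroupSID."""
    mapped = {e["gidNumber"]: e["sambaSID"]
              for e in entries if "sambaGroupType" in e}
    findings = []
    for e in entries:
        if "uid" not in e:
            continue
        gid, want = e["gidNumber"], e.get("sambaPrimaryGroupSID")
        if gid not in mapped:
            findings.append((e["uid"], gid, "gid has no group mapping"))
        elif mapped[gid] != want:
            findings.append((e["uid"], gid, "mapped SID differs from primary group SID"))
    return findings
```

Run over BEFORE, the check flags only root; over AFTER it reports nothing.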