We have updated from Samba 3.0.10 (CentOS 4.4 samba-3.0.10-1.4E.9.i386.rpm) to Samba 3.0.23d (Sernet.de packages samba3*-3.0.23d-30.i386.rpm) and suddenly USRMGR.EXE stopped showing the available groups (i.e, the "Groups" panel at the bottom of USRMGR's window is completely blank). Using EXPLORER.EXE folder's "permission" tab to add rights for groups work Ok: the problem only manifests itself in USRMGR.EXE. Reinstalling the samba-3.0.10 RPMs solves the problem, so the problem definitely seems to be in the 3.0.23d Samba version.
Our environment is:
OS: CentOS 4.4 (Linux RHEL 4.4 clone) with all updates;
User base is on LDAP (relevant packages: openldap-2.2.13-6.4E, smbldap_tools v.1.56);
99% that this is an OpenLDAP bug of the OpenLDAP version you have. OpenLDAP fixed pages results in 2.2.16 while Samba started using paged results after 3.0.10.
(In reply to comment #1)
> 99% that this is an OpenLDAP bug of the OpenLDAP version you have. OpenLDAP
> fixed pages results in 2.2.16 while Samba started using paged results after
Thank you for your help.
I just upgraded our test machine's OpenLDAP from version 2.2.13 to 2.2.16,
as indicated, and still the problem continues *exactly* as before.
Perhaps my explanation of USRMGR.EXE problem was not very clear, so
I'm attaching a screendump of USRMGR.EXE showing the problem.
If it's indeed not a SAMBA bug, what more can I do to fix this?
Created attachment 2254 [details]
screendump of USRMGR.EXE showing the problem.
perhaps my (textual) explanation of the bug was not very clear, so I'm attaching this screendump to try and rectify it.
With 3.0.23 we changed Samba to only show groups that have group mapping entries created with "net groupmap".
Marking this bug as invalid, please re-open if the groups still don't show up if you map them with "net sam mapunixgroup".
Apparently our groups already have been group mapped:
root# net sam mapunixgroup am-administrator
Mapping group am-administrador failed with NT_STATUS_GROUP_EXISTS
root# net sam show am-administrator
SERVER\am-administrator is a Domain Group with SID S-1-5-21-1418233604-66961471-3069881275-2047
The problem remains the same, so I'm reopening the bug.
Any other ideas?
Please show what "net groupmap list" shows.
If there are entries, then please upload a debug level 10 log of smbd from its start to usrmgr.exe not showing its groups.
Did you update the schema file and reindex you database (hint: read
the release notes)?
I had exactly the same problem. After read this thread, update the samba.schema file and reindex the ldap database, the problem was solved. Thanks to Jerry Carter. I think this bug can be closed.