[Samba] Not seeing the expected group memberships with ifmember.exe /list

We have bumped into a most odd problem.

Server:
Debian Etch and their Samba 3.0.24-2

Client:
WinXP SP2, MSI v3, all hot fixes

The following settings are in place on the server:
#!/bin/bash
#
# initGrps.sh

# Map Windows Domain Groups to UNIX groups
net groupmap add ntgroup="Domain Admins" unixgroup=domadmin rid=512 type=d
net groupmap add ntgroup="Domain Users" unixgroup=domusers rid=513 type=d
net groupmap add ntgroup="Domain Guests" unixgroup=domguest rid=514 type=d

# Create some Domain Groups to administer local security
net groupmap add ntgroup=ntadmins unixgroup=ntadmins type=d
net groupmap add ntgroup=ntpwrusr unixgroup=ntpwrusr type=d
net groupmap add ntgroup=ntusers unixgroup=ntusers type=d
net groupmap add ntgroup=ntguests unixgroup=ntguests type=d


When we join the domain, we run roughly the following script:
REM JoinDomain.cmd
NETDOM.EXE JOIN %ComputerName% /Domain:LDS-DEMO /UserD:ldsinst /PasswordD:password

REM Remove domain to local group mapping done by NETDOM
NET LOCALGROUP "Users" "LDS-DEMO\Domain Users" /DEL
NET LOCALGROUP "Administrators" "LDS-DEMO\Domain Admins" /DEL

REM Add domain to local group mapping
NET LOCALGROUP "Administrators" "LDS-DEMO\ntadmins" /ADD
NET LOCALGROUP "Power Users" "LDS-DEMO\ntpwrusr" /ADD
NET LOCALGROUP "Users" "LDS-DEMO\ntusers" /ADD
NET LOCALGROUP "Guests" "LDS-DEMO\ntguests" /ADD


What is specifically missing in "ifmember /list" are:
LDS-DEMO\Domains Admins
LDS-DEMO\ntadmins

We are at least getting membership to:
LDS-DEMO\Domain Users

<><><><><><><><><>

What steps should we try as we try to track down this case of missing group memberships?

--
Michael Lueck
Lueck Data Systems
[url]http://www.lueckdatasystems.com/[/url]

--
To unsubscribe from this list go to the following URL and read the
instructions: [url]https://lists.samba.org/mailman/listinfo/samba[/url]

Greetings List-

It has been a long weekend... we have tried many things. It seems "something" is up with the 3.0.24-1 and -2 packages for Debian Etch that Debian put out.

We installed the old hard drive in the mobile test server (aka ThinkPad) which still had Debian Sarge on it. Purged the Samba packages, and installed the packages of 3.0.24 from samba.org. Following
the exact same steps, we end up with the expected permissions / memberships / etc...

Also failing with the Etch server were assigning permission to a "special user" account for joining machines to the domain, and also assigning print admin permissions to the "Domain Admin" group.

Those commands were successful with the Sarge hard drive.

So, just a general heads up... something smelling fishy with Debian Etch.

Since we have a workable solution, we plan on demoing on Debian Sarge, and also installing Ubuntu 7.04 server on the HDD with Debian Etch on it currently... and maybe do the presentation with Ubuntu
if successful.

fffeeeewwww.... (and it is only 22:45!)

--
Michael Lueck
Lueck Data Systems
[url]http://www.lueckdatasystems.com/[/url]

--
To unsubscribe from this list go to the following URL and read the
instructions: [url]https://lists.samba.org/mailman/listinfo/samba[/url]

Michael Lueck wrote:[color=blue]
> It seems
> "something" is up with the 3.0.24-1 and -2 packages for Debian Etch that
> Debian put out.[/color]

Correction, I see per the Debian page, those versions are actually 3.0.24-6etch1 and 3.0.24-6etch2.

So, just to clarify. I took the time to at least file a Debian bug report as to our findings. It can be found at the following URL:
[url]http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=427444[/url]

--
Michael Lueck
Lueck Data Systems
[url]http://www.lueckdatasystems.com/[/url]

--
To unsubscribe from this list go to the following URL and read the
instructions: [url]https://lists.samba.org/mailman/listinfo/samba[/url]

Michael Lueck wrote:[color=blue]
> So, just a general heads up... something smelling fishy with Debian Etch.[/color]

So it's not just me having weird problems on recently upgraded servers
that have weird permissions setups.
Now if only I had the time to go and try the official packages on the
most problematic server... But users will complain if I break it (again).

TB

**********************************************************************
This message is intended for the addressee named and may contain
privileged information or confidential information or both. If you
are not the intended recipient please delete it and notify the sender.
**********************************************************************
--
To unsubscribe from this list go to the following URL and read the
instructions: [url]https://lists.samba.org/mailman/listinfo/samba[/url]

Tim Bates wrote:[color=blue]
> Michael Lueck wrote:[color=green]
>> So, just a general heads up... something smelling fishy with Debian Etch.[/color]
>
> So it's not just me having weird problems on recently upgraded servers
> that have weird permissions setups.
> Now if only I had the time to go and try the official packages on the
> most problematic server... But users will complain if I break it (again).[/color]

I ended up presenting with Ubuntu Server 7.04 and their current Samba packages, which were at build 3.0.24-2ubuntu1.2_i386.

Upon returning from that conference, Debian Etch had been updated to 3.0.24-6etch4_i386, and a clean installation of Etch and those packages worked to perfection.

I have no idea what was up... and since I did a clean install (the previous Etch installation was nuked to hurry off to Ubuntu), possibly it was some Etch bug only if you first installed an earlier
build of Samba, or, or, or...

Just glad to see that weirdness GONE! :-)

--
Michael Lueck
Lueck Data Systems
[url]http://www.lueckdatasystems.com/[/url]

--
To unsubscribe from this list go to the following URL and read the
instructions: [url]https://lists.samba.org/mailman/listinfo/samba[/url]