Content-Type: multipart/signed; micalg=pgp-sha1;

Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

First of all apologies for replying to my own query, but I have run out
of things to try and really need to make some progress on this.

I have done a clean install and am now using the configuration file
below for my Samba PDC. This has made no difference to the issue with
usrmgr.exe. As before this is Samba 3.0.28a on Centos 5.1 x86_64 and
nsswitch is configured to use winbind.

log level =3D 5
workgroup =3D domb
server string =3D Samba Server Version %v
interfaces =3D lo, eth0
passdb backend =3D tdbsam:/etc/samba/passdb.tdb
username map =3D /etc/samba/smbusers
log file =3D /var/log/samba/%m.log
max log size =3D 50

# Stuff that makes this machine a PDC.
add user script =3D /usr/sbin/useradd "%u" -n -g domusers
delete user script =3D /usr/sbin/userdel "%u"
add group script =3D /usr/sbin/groupadd "%g"
delete group script =3D /usr/sbin/groupdel "%g"
delete user from group script =3D /usr/sbin/userdel "%u" "%g"
add machine script =3D /usr/sbin/useradd -n -c "Workstation (%u)"
-M -d /nohome -s /bin/false -g machines "%u"
logon path =3D \\%L\Profiles\%U
logon home =3D \\%L\%U\.profiles
logon drive =3D H:
domain logons =3D Yes
os level =3D 33
preferred master =3D Yes
domain master =3D Yes
wins proxy =3D Yes
wins support =3D Yes

# Equivalent of old behaviour.
idmap domains =3D ALLDOMAINS
idmap config ALLDOMAINS:default =3D yes
idmap config ALLDOMAINS:backend =3D tdb
idmap config ALLDOMAINS:range =3D 10000 - 50000

idmap alloc backend =3D tdb
idmap alloc config:range =3D 10000 - 50000

winbind enum users =3D yes
winbind enum groups =3D Yes
winbind nested groups =3D yes
hosts allow =3D 127., 192.168.42., 192.168.43.
cups options =3D raw

comment =3D Home Directories
read only =3D No
browseable =3D No

comment =3D Network Logon Service
path =3D /var/lib/samba/netlogon
guest ok =3D Yes
browseable =3D No
share modes =3D No
read only =3D yes

path =3D /var/lib/samba/profiles
read only =3D no
create mask =3D 0600
directory mask =3D 0700

At this stage I believe there to be a problem with winbind as I have
also tried the following.

Creating a local group with "net -U root%xxxxxxx sam createlocalgroup
local1", which succeeds.

A portion of the output from "net groupmap list verbose" shows:
SID : S-1-5-21-2991776595-4262790192-2958925130-1004
Unix gid : 10053
Unix group: local1
Group type: Local Group
Comment :

Testing winbind with the following:
[root@dombpdc ~]# wbinfo -G 10053
[root@dombpdc ~]# wbinfo -s
Could not lookup sid S-1-5-21-2991776595-4262790192-2958925130-1004

Shouldn't both these commands work or am missing something? I tried it
both with and without the quotes around the SID.


[root@dombpdc ~]# wbinfo -D .
Name : DOMB
Alt_Name :
SID : S-1-5-21-2991776595-4262790192-2958925130
Active Directory : No
Native : No
Primary : Yes
Sequence : -1

[root@dombpdc ~]# wbinfo -u
Error looking up domain users

[root@dombpdc ~]# wbinfo -g
BUILTIN\server operators
BUILTIN\power users
BUILTIN\print operators
BUILTIN\account operators
BUILTIN\backup operators

These are only the local groups. Shouldn't this list the domain groups
as well?

[root@dombpdc ~]# wbinfo --getdcname domb
Could not get dc name for domb

Which may well be the root of the problem?

I am happy to supply which ever logs are required, just let me know.



Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQBIDukp6xLAi5x3faQRAnvwAJ9ITP2f8rmDPfdGKcTeDM cK3p4NnwCdFEsl


Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba