Find the answer to your Linux question:
Results 1 to 5 of 5
Hi there, I'm trying to run a Linux (RedHat 7.3) fileserver on a Windows NT network. I joined the server to the existing Windows NT domain. When trying to change ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Mar 2003
    Posts
    2

    Samba related question


    Hi there,
    I'm trying to run a Linux (RedHat 7.3) fileserver on a Windows NT network.
    I joined the server to the existing Windows NT domain.
    When trying to change file or directory permissions through the windows dialogs i get a "Access denied" message.
    Here is what I see in the samba log files:

    [2003/03/17 07:46:34, 1] smbd/service.c:make_connection_snum(681)
    ystoev (172.16.252.235) connect to service proba initially as user AEC_EP2+YStoev (uid=10000, gid=10000) (pid 10220)
    [2003/03/17 07:46:37, 0] rpc_server/srv_util.c:get_domain_user_groups(342)
    get_domain_user_groups: primary gid of user [root] is not a Domain group !
    get_domain_user_groups: You should fix it, NT doesn't like that
    [2003/03/17 07:47:45, 1] smbd/service.c:close_cnum(859)
    ystoev (172.16.252.235) closed connection to service proba

    How do I fix that?

  2. #2
    Linux Enthusiast
    Join Date
    Jun 2002
    Location
    San Antonio
    Posts
    621
    add a domain group called "root" on the NT machine.
    I respectfully decline the invitation to join your delusion.

  3. #3
    Just Joined!
    Join Date
    Mar 2003
    Posts
    2
    Thanks for the advice, but it didn't work. I made a domain group called root and still got the same. Then i tried to do the same with another account from the NT domain (AEC_EP2\VSimeonov - this is a Domain Admin) and still got the same:
    [2003/03/18 08:34:03, 1] smbd/service.c:make_connection_snum(681)
    ep2_vts (172.16.252.5) connect to service test initially as user AEC_EP2+VSimeonov (uid=0, gid=10026) (pid 13507)
    [2003/03/18 08:34:06, 0] rpc_server/srv_util.c:get_domain_user_groups(342)
    get_domain_user_groups: primary gid of user [root] is not a Domain group !
    get_domain_user_groups: You should fix it, NT doesn't like that
    [2003/03/18 08:34:48, 1] smbd/service.c:close_cnum(859)
    here is some part of my smb.conf file:

    [global]
    wins server = 172.16.254.1
    pam password change = yes
    create mode = 0777
    winbind uid = 10000-20000
    dns proxy = no
    encrypt passwords = yes
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    admin users = "AEC_EP2+Domain Admins"
    password server = ep2_srv ep2intranet
    obey pam restrictions = yes
    passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*success fully*
    directory mode = 0777
    security = domain
    winbind separator = +
    unix password sync = yes
    server string = Test FS
    workgroup = aec_ep2
    winbind gid = 10000-20000
    winbind enum groups = yes
    netbios name = SMBtest
    log file = /var/log/samba/%m.log
    os level = 20
    default = global
    winbind enum users = yes
    security mask = 0777
    force security mode = 0
    directory security mask = 0777
    force directory security mode = 0

    [test]
    path = /home/test
    writable = yes
    comment = just for testing
    available = yes
    nt acl support = true

    What am I doing wrong?

  4. #4
    Linux User
    Join Date
    Jan 2003
    Location
    Cardiff, Wales
    Posts
    478

    Domain Admins

    Samba needs to be given a group which act as domain administrators - replacing the global group functionality of NT. I am at home at the moment so cannot be 100% sure of the syntax but try this.

    Create a group called Admins on the Linux box.
    Add accounts for the users on the linux box.
    add the following to the smb.conf file globals section.

    Domain Admin Group = +Admins

    I have only ever run samba as a PDC not a member server with passthru authentication so I am not sure if this will solve your problem.

    I'll check through some stuff in work tomorrow and post a new reply tomorrow evening. Good luck.
    No trees were harmed during the creation of this message. Its made from a blend of elephant tusk and dolphin meat.

  5. #5
    Linux User
    Join Date
    Jan 2003
    Location
    Cardiff, Wales
    Posts
    478

    I'm stuck too

    Sorry, had a look through some books at the office and could not replicate your problem. The domain admins stuff I mentioned earlier doesn't relate directly to your problem coz it only really matters when samba is the PDC.

    Question. Have you set the linux file permissions on the folder /home/test to allow access from the Domain Admins group?

    Try this (Its just a guess)
    Create a parent share to your test folder i.e.

    [hometest]
    path = /home
    writable = yes
    comment = just for testing as well
    available = yes
    nt acl support = true

    Check correct mod and grp ownership of folder(s).
    Just in case you have to access the parent folder to make the changes.

    I had problems creating roaming user profiles as the parent folder was not a share?!? Dunno why but it worked.

    If you haven't sorted it out. Run testparms and post the full results and we can have a look at the compile options as well as the settings.

    Good Luck
    No trees were harmed during the creation of this message. Its made from a blend of elephant tusk and dolphin meat.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •