> That could be an opportunity to re-check that file and see whether > there are some things we might want to add.
I recommend the following additions: - There is a bug (https://bugzilla.samba.org/show_bug.cgi?id=4098) where by accounts created with 'net rpc user add' are disabled and need enabling. To work around this you can do this for each account you create: smbpasswd -e <new username> - Beware of 'invalid users = root' in smb.conf, which is enabled by default in Debian - Upgrading from Sarge to Etch: smb.conf's 'passwd chat' changed from '*Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .' to '*Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .' Since Samba 3.0.23 'net groupmap modify' now needs to be 'net groupmap add'; additionally the RID has to be specified, using the form 'rid=<RID>' >From 3.0.23's release notes: "Group Mapping Changes ===================== The default mapping entries for groups such as "Domain Admins" are no longer created when using an smbpasswd file or a tdbsam passdb backend. This means that it is necessary to use 'net groupmap add' rather than 'net groupmap modify' to set these entries. This change has no effect on winbindd's IDmap functionality for domain groups." Where once you might have done this: net groupmap modify ntgroup="Domain Admins" unixgroup="samba-domain-admins" type=domain -U root net groupmap modify ntgroup="Domain Users" unixgroup="samba-domain-users" type=domain -U root net groupmap modify ntgroup="Domain Guests" unixgroup="samba-domain-guests" type=domain -U root You now have to do this: net groupmap add rid=512 ntgroup="Domain Admins" unixgroup="samba-domain-admins" type=domain -U root net groupmap add rid=513 ntgroup="Domain Users" unixgroup="samba-domain-users" type=domain -U root net groupmap add rid=514 ntgroup="Domain Guests" unixgroup="samba-domain-guests" type=domain -U root
