[Samba] "net groupmap" problems
Ed Ravin
eravin at panix.com
Tue Mar 16 01:32:06 GMT 2004
On Mon, Mar 15, 2004 at 08:11:42PM -0500, Ed Ravin wrote:
> Is there any way to get Samba to match the Unix UIDs to Windows RIDs,
> or to force the RIDs to be particular values as we can do with
> "net groupmap" for groups?
Speaking of which, I'm having trouble with that command too (samba-3.0.2a,
running on Red Hat 6.x Linux with some new bits grafted into it).
I started by deleting group_mapping.tdb and starting the server.
# net groupmap list | grep Users
Power Users (S-1-5-32-547) -> -1
Users (S-1-5-32-545) -> -1
Domain Users (S-1-5-21-662018651-3907110178-816287836-513) -> -1
Now, I want to map "Domain Users" to my local "users" group and keep
the same RID:
[root migration]# net groupmap add rid=513 unixgroup=users type=domain ntgroup='Domain Users'
adding entry for group Domain Users failed!
Well, that's a helpful error message. What's going on here?
I've noticed that I can do this without specifying the RID:
# net groupmap add unixgroup=users type=domain ntgroup='Domain Users'
No rid or sid specified, choosing algorithmic mapping
Successully added group Domain Users to the mapping db
But now, there are TWO entries in the map for "Domain Users":
# net groupmap list | grep Users
Power Users (S-1-5-32-547) -> -1
Domain Users (S-1-5-21-662018651-3907110178-816287836-1201) -> users
Users (S-1-5-32-545) -> -1
Domain Users (S-1-5-21-662018651-3907110178-816287836-513) -> -1
And running rpcclient against localhost reports that "Domain Users"
is RID 1201, not 513.
Other experiments show that there will always be an entry for Domain Users
with rid 513 pointing to -1, even when I explicitly try to delete it.
-- Ed
More information about the samba
mailing list