[Samba] net groupmap add
Schreiber, Martin
martin.a.schreiber at siemens.com
Thu Jan 3 15:57:38 GMT 2008
Hi List,
We have a pretty complex samba configuration running version 3.0.21 , this worked for about 2 years , but due to security reasons we need to upgrade to latest version 3.0.28.
I have no local unix users created on our host all access is regulated via the valid user = @AD+group statement . and the net groupmap add command. This worked great , but seems broken in latest versions since 3.0.23
I checked the latest howtos , but no success , seems that i overlooked some essentials...
Now my smb.conf (only the relevant lines)
----------------
workgroup = WWxxx
server string = 47556. at emailaddress
security = DOMAIN
netbios name = ATWS26QC
encrypt passwords = Yes
client schannel = no
client use spnego = no
server signing = auto
config file = /usr/local/samba/lib/smb.conf
password server = vieg10wa
passdb expand explicit = no
password level = 1
winbind uid = 100000-130000
winbind gid = 100000-120000
winbind enum users = yes
winbind enum groups = yes
winbind separator = +
winbind use default domain = yes
winbind nested groups = yes
#the shares
[home2]
path = /home2
valid users @sbs_ors_ux @sbs_ors
read only = no
browseable = yes
----------------------
output from net groupmap list
--------------------------
# bin/net groupmap list
Administrators (S-1-5-32-544) -> 100000
sbs_ors (S-1-5-21-3932861455-2822179577-2594212704-125693) -> sbs_ors_ux ----> thats the relevant group
Users (S-1-5-32-545) -> 100001
------------------------
But I cant get it to work , I´m allways asked for a password , but should work seemless , as it does with "old" samba version
Hope theres someone who can give me some hints , like a working smb.conf and or a howto to manage the "net groupmap add" command in the proper way
Best regards Martin
Martin Schreiber
Siemens IT Solutions and Services GmbH
Gudrunstrasse 11
A-1101 Wien
Tel: +43(0)51707 47565
Fax: +43(0) 51707 57560
martin.a.schreiber at siemens.com
http://www.siemens.at/it-solutions
Siemens IT Solutions and Services GmbH, DVR 1009192, FN 180547k, Handelsgericht Wien, Firmensitz Wien
Wichtiger Hinweis: Diese E-Mail kann Betriebs- oder Geschäftsgeheimnisse oder sonstige vertrauliche Informationen enthalten. Sollten Sie diese E-Mail irrtümlich erhalten haben, ist Ihnen eine Kenntnisnahme des Inhalts, eine Vervielfältigung oder Weitergabe der E-Mail ausdrücklich untersagt. Bitte benachrichtigen Sie uns und vernichten Sie die empfangene E-Mail. Vielen Dank.
Important Note: This e-mail may contain trade secrets or privileged, undisclosed or otherwise confidential information. If you have received this e-mail in error, you are hereby notified that any review, copying or distribution of it is strictly prohibited. Please inform us immediately and destroy the original transmittal. Thank you for your cooperation
More information about the samba
mailing list