domain map group fail

Vladimir Stavrinov vs at lasp.npi.msu.su
Thu Jan 20 05:35:37 GMT 2000


On  Thu, 20 Jan 2000 15:19:17 +1100   Luke Kenneth Casson Leighton  wrote:
-------- 

> On Thu, 20 Jan 2000, Vladimir Stavrinov wrote:
> 
> > On  Thu, 20 Jan 2000 14:17:06 +1100   Luke Kenneth Casson Leighton  wrote:
> > -------- 
> > 
> > > hi vladimir,
> > > 
> > > the /etc/domaingroup.map file etc, it's world readable, right?  this is
> > 
> > Yes, I am aware of this. This configuration has not changed at all for a
> > year or more, and I had no problems until starting the TNG.
> 
> argh.  ok, can you try [latest cvs] again, and use rpcclient -S
> yoursambaserver -U% -l log and do the following commands:
> 
> lsaquery
> enumusers
> enumgroups
> enumaliases
> 
> then, pick an alias and a group that you _know_ is in the map files, and
> do:
> 
> lookupnames "the alias name" "the group name" "maybe even a username"
> 
> you should get some SIDs back.  strip off all but the last RID, and do:
> 
> lookupsids the-alias-rid the-group-rid maybe-even-the-username-rid
> 
> you _should_ get the same alias, group and user names back, and it
> _should_ identify them correctly by type as well (thanks to elrond for
> that type patch!)

adm="Domain Admins"
root=admin

See output below from rpcclient:

[root at lasp source]# rpcclient -S lasp -U root -l /tmp/log
Enter Password:

[root at LASP]$ lsaquery
lsaquery
LSA Query Info Policy
Domain Member     - Domain: L.A.S.P SID: S-1-5-21-3528327861-1831579209-895851024
Domain Controller - Domain: LASP SID: S-1-5-21-3528327861-1831579209-895851024
[root at LASP]$ enumusers
enumusers
SAM Enumerate Users
User RID:      3e8  User Name: root
User RID:      7d0  User Name: vs
User RID:      7d2  User Name: creaker$
User RID:      7f6  User Name: lasp$
[root at LASP]$ enumgroups
enumgroups
SAM Enumerate Groups
[root at LASP]$  enumaliases
enumaliases
SAM Enumerate Aliases
lookupnames "Domain Admins" adm root
Lookup Names:
SID: Domain Admins -> S-0-0 (8: UNKNOWN)
SID: adm -> S-1-5-21-3528327861-1831579209-895851024-1006 (1: User)
SID: root -> S-1-5-21-3528327861-1831579209-895851024-1000 (1: User)
[root at LASP]$ lookupnames admin
lookupnames admin 

/tmp/log is empty. As you see, the main answer is "Domain Admins" -> UNKNOWN.
That is because log.smb says the parameter "domain group map" is unknown...  :-(
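
An added example, not part of the original message and not Samba code: a Python sketch that takes the enumusers and lookupnames lines from the transcript above, strips each SID down to its last RID as the quoted instructions describe, and cross-checks it against the RIDs from enumusers, which rpcclient prints in hex (3e8 = 1000). The function names and verdict labels are hypothetical.

```python
import re

# Lines copied from the rpcclient session in this message.
TRANSCRIPT = """\
User RID:      3e8  User Name: root
User RID:      7d0  User Name: vs
User RID:      7d2  User Name: creaker$
User RID:      7f6  User Name: lasp$
SID: Domain Admins -> S-0-0 (8: UNKNOWN)
SID: adm -> S-1-5-21-3528327861-1831579209-895851024-1006 (1: User)
SID: root -> S-1-5-21-3528327861-1831579209-895851024-1000 (1: User)
"""
DOMAIN_SID = "S-1-5-21-3528327861-1831579209-895851024"  # from lsaquery

USER_RE = re.compile(r"^User RID:\s+([0-9a-fA-F]+)\s+User Name:\s+(\S+)\s*$")
NAME_RE = re.compile(r"^SID:\s+(.+?)\s+->\s+(S-[\d-]+)\s+\(\d+:\s*\w+\)\s*$")

def split_sid(sid, domain_sid):
    """Return the RID if sid is domain_sid plus one sub-authority, else None."""
    prefix = domain_sid + "-"
    tail = sid[len(prefix):] if sid.startswith(prefix) else ""
    return int(tail) if tail.isdigit() else None

def check(transcript, domain_sid):
    """Classify each lookupnames result against the enumusers listing."""
    enum_rids = {}  # user name -> RID (enumusers prints hex)
    lookups = []    # (name, sid) pairs from lookupnames
    for line in transcript.splitlines():
        if m := USER_RE.match(line):
            enum_rids[m.group(2)] = int(m.group(1), 16)
        elif m := NAME_RE.match(line):
            lookups.append(m.groups())
    findings = []
    for name, sid in lookups:
        rid = split_sid(sid, domain_sid)
        if rid is None:
            verdict = "unresolved"      # e.g. S-0-0: name never mapped
        elif name not in enum_rids:
            verdict = "not-enumerated"  # resolves, but enumusers omits it
        elif enum_rids[name] == rid:
            verdict = "consistent"
        else:
            verdict = "rid-mismatch"
        findings.append((name, rid, verdict))
    return findings

if __name__ == "__main__":
    for name, rid, verdict in check(TRANSCRIPT, DOMAIN_SID):
        print(f"{name!r}: rid={rid} {verdict}")
```

The RIDs it returns are the values to pass to lookupsids for the reverse check.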



