domain map group fail
Vladimir Stavrinov
vs at lasp.npi.msu.su
Thu Jan 20 05:35:37 GMT 2000
On Thu, 20 Jan 2000 15:19:17 +1100 Luke Kenneth Casson Leighton wrote:
--------
> On Thu, 20 Jan 2000, Vladimir Stavrinov wrote:
>
> > On Thu, 20 Jan 2000 14:17:06 +1100 Luke Kenneth Casson Leighton wrote:
> > --------
> >
> > > hi vladimir,
> > >
> > > the /etc/domaingroup.map file etc, it's world readable, right? this is
> >
> > Yes, I am aware of this. This configuration has not changed at all for a
> > year or more, and I had no problems until I started TNG.
>
> argh. ok, can you try [latest cvs] again, and use rpcclient -S
> yoursambaserver -U% -l log and do the following commands:
>
> lsaquery
> enumusers
> enumgroups
> enumaliases
>
> then, pick an alias and a group that you _know_ are in the map files, and
> do:
>
> lookupnames "the alias name" "the group name" "maybe even a username"
>
> you should get some SIDs back. strip off all but the last RID, and do:
>
> lookupsids the-alias-rid the-group-rid maybe-even-the-username-rid
>
> you _should_ get the same alias, group and user names back, and it
> _should_ identify them correctly by type as well (thanks to elrond for
> that type patch!)
adm="Domain Admins"
root=admin
See output below from rpcclient:
[root at lasp source]# rpcclient -S lasp -U root -l /tmp/log
Enter Password:
[root at LASP]$ lsaquery
lsaquery
LSA Query Info Policy
Domain Member - Domain: L.A.S.P SID: S-1-5-21-3528327861-1831579209-895851024
Domain Controller - Domain: LASP SID: S-1-5-21-3528327861-1831579209-895851024
[root at LASP]$ enumusers
enumusers
SAM Enumerate Users
User RID: 3e8 User Name: root
User RID: 7d0 User Name: vs
User RID: 7d2 User Name: creaker$
User RID: 7f6 User Name: lasp$
[root at LASP]$ enumgroups
enumgroups
SAM Enumerate Groups
[root at LASP]$ enumaliases
enumaliases
SAM Enumerate Aliases
lookupnames "Domain Admins" adm root
Lookup Names:
SID: Domain Admins -> S-0-0 (8: UNKNOWN)
SID: adm -> S-1-5-21-3528327861-1831579209-895851024-1006 (1: User)
SID: root -> S-1-5-21-3528327861-1831579209-895851024-1000 (1: User)
[root at LASP]$ lookupnames admin
lookupnames admin
/tmp/log is empty. You see: the main answer is "Domain Admins" -> UNKNOWN.
That is because log.smb says the parameter "domain group map" is unknown... :-(
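
Added example, not part of the original post and not Samba code: a Python sketch of the cross-check the quoted instructions describe, splitting each SID returned by lookupnames into domain SID and trailing RID and comparing it with the hex RIDs printed by enumusers. The sample lines are copied from the session above; the function names are hypothetical.

```python
import re

# Lines copied from the rpcclient session quoted in the post above.
ENUMUSERS = """\
User RID: 3e8 User Name: root
User RID: 7d0 User Name: vs
User RID: 7d2 User Name: creaker$
User RID: 7f6 User Name: lasp$
"""
LOOKUPNAMES = """\
SID: Domain Admins -> S-0-0 (8: UNKNOWN)
SID: adm -> S-1-5-21-3528327861-1831579209-895851024-1006 (1: User)
SID: root -> S-1-5-21-3528327861-1831579209-895851024-1000 (1: User)
"""
DOMAIN_SID = "S-1-5-21-3528327861-1831579209-895851024"  # from lsaquery

USER_RE = re.compile(r"User RID:\s*([0-9a-fA-F]+)\s+User Name:\s*(\S+)")
NAME_RE = re.compile(r"SID:\s*(.+?)\s*->\s*(S-[\d-]+)\s*\((\d+):\s*([^)]+)\)")

def parse_enumusers(text):
    """Return {rid: name}; enumusers prints RIDs in hex."""
    return {int(rid, 16): name for rid, name in USER_RE.findall(text)}

def split_sid(sid):
    """Split a SID into (domain SID, last sub-authority as an int RID)."""
    head, _, tail = sid.rpartition("-")
    return head, int(tail)

def check_lookups(lookup_text, enum_text, domain_sid):
    """Classify each lookupnames result against the domain SID and enumusers."""
    users = parse_enumusers(enum_text)
    report = {}
    for name, sid, type_num, _type_name in NAME_RE.findall(lookup_text):
        if int(type_num) == 8:  # shown by rpcclient as "8: UNKNOWN"
            report[name] = "unresolved"
            continue
        dom, rid = split_sid(sid)
        if dom != domain_sid:
            report[name] = "foreign-domain"
        elif users.get(rid) == name:
            report[name] = f"ok rid={rid}"
        else:
            report[name] = f"rid={rid} not listed by enumusers under this name"
    return report

if __name__ == "__main__":
    for name, status in check_lookups(LOOKUPNAMES, ENUMUSERS, DOMAIN_SID).items():
        print(f"{name!r}: {status}")
```

On the session above this reports "Domain Admins" as unresolved, root as matching RID 1000 (hex 3e8), and adm as resolving to RID 1006, which enumusers did not list.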