[Samba] samba 3.0 and group mapping

dwerder at printeron.net dwerder at printeron.net
Thu Aug 1 05:39:02 GMT 2002

The problem seems to be in the group type field of your smbgroupedit -vl
output.  Notice that it does not say Domain Group.  So to correct it to work
properly use

smbgroupedit -c <SID> -u <unix_group> -td

This should adjust the Group Type field to Domain Group and should correct
your problems.  This is not clear from the man page and there may be other
ways of achieving the same thing with different parameters.


-----Original Message-----
From: Eddie Lania [mailto:e.lania at elton.nl]
Sent: Thursday, August 01, 2002 7:54 AM
To: tsmailing at tronicplanet.de
Cc: samba at lists.samba.org
Subject: Re: [Samba] samba 3.0 and group mapping


I have exactly the same results.
Have you got an answer yet?
Or does anybody else know how to deal with this?

Thank you for a reply.



hi list,

i am playing with samba 3.0 alpha 17 from cvs 20020701 and global groups
running as pdc.

i installed to /usr/local/samba30 (having the lock dir under
/var/lock/samba30). i mapped some unix groups, but the dont appear as
global group. on the w2k sp1 machine. i have also no domain admins
right. the domain logon itself works fine.

any ideas?

btw: swat doesnt not work for me, it brings on the netscape client:
document contains now data. just for information.

thanx 4 any answers

output from smbgroupedit

NT group (SID) -> Unix group
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Admins (S-1-5-21-3013901393-2549662177-2794664770-512) -> tpuseradmin
Domain Guests (S-1-5-21-3013901393-2549662177-2794664770-514) -> nogroup
neuburger (S-1-5-21-3013901393-2549662177-2794664770-2001) -> service
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Account Operators (S-1-5-32-548) -> -1
Domain Users (S-1-5-21-3013901393-2549662177-2794664770-513) -> users
tronicplanet (S-1-5-21-3013901393-2549662177-2794664770-1219) ->
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1

i added the tronicplanet group with "smbgroupedit -a tronicplanet -td"

Domain Admins
         SID       : S-1-5-21-3013901393-2549662177-2794664770-512
         Unix group: tpuseradmin
         Group type: Unknown type
         Comment   :
         Privilege : SaAddUsers SeMachineAccountPrivilege SaPrintOp

         SID       : S-1-5-21-3013901393-2549662177-2794664770-1219
         Unix group: tronicplanet
         Group type: Local group
         Comment   : Local Unix group
         Privilege : No privilege


#       code page directory = /etc/samba30/codepages
         workgroup = TP-SAMBA
         netbios name = TRONIC-PDC
         interfaces =
         bind interfaces only = Yes
         encrypt passwords = Yes
         security = user
#       password server = venus
         map to guest = Bad User
#       passwd program = /usr/local/sbin/ldapsync.pl -o %u
#       passwd chat = *New*password* %n\n *Retype*new*password* %n\n
         log file = /var/log/samba30/%m
         debug pid = Yes
         debug uid = Yes
         large readwrite = Yes
         time server = Yes
         load printers = No
#       character set = ISO8859-15
#       domain admin group = @smbadm
         logon path =
         logon home =
         domain logons = Yes
         use spnego = no
         os level = 64
         wins support = Yes
         passdb backend = ldapsam:ldap://localhost
#       ldap port = 389
#       ldap server = sonne.tronicplanet.de
         ldap suffix = dc=tronicplanet,dc=de
         ldap admin dn = uid=root,dc=tronicplanet,dc=de
         ldap ssl = no
         lock dir = /var/lock/samba30
         pid directory = /var/run/samba30
         socket address =
         host msdfs = Yes
#       admin users = @smbadm
#       printer admin = @smbprtadm
         printing = cups
         veto files = /*.eml/*.nws/riched20.dll/*.{*}/
         veto oplock files = /*.mdb/*.MDB/*.ldb/*.LDB/*.xls/*.XLS

More information about the samba mailing list