[Samba] samba 3.0 and group mapping
dwerder at printeron.net
dwerder at printeron.net
Thu Aug 1 05:46:02 GMT 2002
Now to add to my previous post, after the group type is set to domain group
and I have a samba 3.0alpha18 fileserver using winbind for authentication
doing the command 'getent group' does not return the list of Domain Groups
in addition to the local groups. Doing an ls -l of a share directory does
not resolve the gid numbers to names and an NT ACCESS DENIED is generated in
the PDC log file for each lookup. See my previous posts (from a few days
ago) for more information and logs.
-----Original Message-----
From: Eddie Lania [mailto:e.lania at elton.nl]
Sent: Thursday, August 01, 2002 7:54 AM
To: tsmailing at tronicplanet.de
Cc: samba at lists.samba.org
Subject: Re: [Samba] samba 3.0 and group mapping
Hi,
I have exactly the same results.
Have you got an answer yet?
Or does anybody else know how to deal with this?
Thank you for a reply.
Greetings,
Eddie.
-----------------------------------
hi list,
i am playing with samba 3.0 alpha 17 from cvs 20020701 and global groups
running as pdc.
i installed to /usr/local/samba30 (having the lock dir under
/var/lock/samba30). i mapped some unix groups, but the dont appear as
global group. on the w2k sp1 machine. i have also no domain admins
right. the domain logon itself works fine.
any ideas?
btw: swat doesnt not work for me, it brings on the netscape client:
document contains now data. just for information.
thanx 4 any answers
thomas
output from smbgroupedit
NT group (SID) -> Unix group
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Admins (S-1-5-21-3013901393-2549662177-2794664770-512) -> tpuseradmin
Domain Guests (S-1-5-21-3013901393-2549662177-2794664770-514) -> nogroup
neuburger (S-1-5-21-3013901393-2549662177-2794664770-2001) -> service
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Account Operators (S-1-5-32-548) -> -1
Domain Users (S-1-5-21-3013901393-2549662177-2794664770-513) -> users
tronicplanet (S-1-5-21-3013901393-2549662177-2794664770-1219) ->
tronicplanet
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1
i added the tronicplanet group with "smbgroupedit -a tronicplanet -td"
Domain Admins
SID : S-1-5-21-3013901393-2549662177-2794664770-512
Unix group: tpuseradmin
Group type: Unknown type
Comment :
Privilege : SaAddUsers SeMachineAccountPrivilege SaPrintOp
tronicplanet
SID : S-1-5-21-3013901393-2549662177-2794664770-1219
Unix group: tronicplanet
Group type: Local group
Comment : Local Unix group
Privilege : No privilege
smb.conf
[global]
# code page directory = /etc/samba30/codepages
workgroup = TP-SAMBA
netbios name = TRONIC-PDC
interfaces = 192.168.0.31/255.255.255.192
bind interfaces only = Yes
encrypt passwords = Yes
security = user
# password server = venus
map to guest = Bad User
# passwd program = /usr/local/sbin/ldapsync.pl -o %u
# passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*modifying*
log file = /var/log/samba30/%m
debug pid = Yes
debug uid = Yes
large readwrite = Yes
time server = Yes
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
SO_SNDBUF=8192 SO_RCVBUF=8192
load printers = No
# character set = ISO8859-15
# domain admin group = @smbadm
logon path =
logon home =
domain logons = Yes
use spnego = no
os level = 64
wins support = Yes
passdb backend = ldapsam:ldap://localhost
# ldap port = 389
# ldap server = sonne.tronicplanet.de
ldap suffix = dc=tronicplanet,dc=de
ldap admin dn = uid=root,dc=tronicplanet,dc=de
ldap ssl = no
lock dir = /var/lock/samba30
pid directory = /var/run/samba30
socket address = 192.168.0.31
host msdfs = Yes
# admin users = @smbadm
# printer admin = @smbprtadm
printing = cups
veto files = /*.eml/*.nws/riched20.dll/*.{*}/
veto oplock files = /*.mdb/*.MDB/*.ldb/*.LDB/*.xls/*.XLS
More information about the samba
mailing list