[Samba] samba 3.0 and group mapping

dwerder at printeron.net dwerder at printeron.net
Thu Aug 1 05:46:02 GMT 2002


Now to add to my previous post, after the group type is set to domain group
and I have a samba 3.0alpha18 fileserver using winbind for authentication
doing the command 'getent group' does not return the list of Domain Groups
in addition to the local groups.  Doing an ls -l of a share directory does
not resolve the gid numbers to names and an NT ACCESS DENIED is generated in
the PDC log file for each lookup.  See my previous posts (from a few days
ago) for more information and logs. 


-----Original Message-----
From: Eddie Lania [mailto:e.lania at elton.nl]
Sent: Thursday, August 01, 2002 7:54 AM
To: tsmailing at tronicplanet.de
Cc: samba at lists.samba.org
Subject: Re: [Samba] samba 3.0 and group mapping


Hi,

I have exactly the same results.
Have you got an answer yet?
Or does anybody else know how to deal with this?

Thank you for a reply.

Greetings,

Eddie.

-----------------------------------
hi list,

i am playing with samba 3.0 alpha 17 from cvs 20020701 and global groups
running as pdc.

i installed to /usr/local/samba30 (having the lock dir under
/var/lock/samba30). i mapped some unix groups, but the dont appear as
global group. on the w2k sp1 machine. i have also no domain admins
right. the domain logon itself works fine.

any ideas?


btw: swat doesnt not work for me, it brings on the netscape client:
document contains now data. just for information.

thanx 4 any answers
thomas


output from smbgroupedit

NT group (SID) -> Unix group
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Admins (S-1-5-21-3013901393-2549662177-2794664770-512) -> tpuseradmin
Domain Guests (S-1-5-21-3013901393-2549662177-2794664770-514) -> nogroup
neuburger (S-1-5-21-3013901393-2549662177-2794664770-2001) -> service
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Account Operators (S-1-5-32-548) -> -1
Domain Users (S-1-5-21-3013901393-2549662177-2794664770-513) -> users
tronicplanet (S-1-5-21-3013901393-2549662177-2794664770-1219) ->
tronicplanet
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1


i added the tronicplanet group with "smbgroupedit -a tronicplanet -td"

Domain Admins
         SID       : S-1-5-21-3013901393-2549662177-2794664770-512
         Unix group: tpuseradmin
         Group type: Unknown type
         Comment   :
         Privilege : SaAddUsers SeMachineAccountPrivilege SaPrintOp

tronicplanet
         SID       : S-1-5-21-3013901393-2549662177-2794664770-1219
         Unix group: tronicplanet
         Group type: Local group
         Comment   : Local Unix group
         Privilege : No privilege




smb.conf

[global]
#       code page directory = /etc/samba30/codepages
         workgroup = TP-SAMBA
         netbios name = TRONIC-PDC
         interfaces = 192.168.0.31/255.255.255.192
         bind interfaces only = Yes
         encrypt passwords = Yes
         security = user
#       password server = venus
         map to guest = Bad User
#       passwd program = /usr/local/sbin/ldapsync.pl -o %u
#       passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*modifying*
         log file = /var/log/samba30/%m
         debug pid = Yes
         debug uid = Yes
         large readwrite = Yes
         time server = Yes
         socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
SO_SNDBUF=8192 SO_RCVBUF=8192
         load printers = No
#       character set = ISO8859-15
#       domain admin group = @smbadm
         logon path =
         logon home =
         domain logons = Yes
         use spnego = no
         os level = 64
         wins support = Yes
         passdb backend = ldapsam:ldap://localhost
#       ldap port = 389
#       ldap server = sonne.tronicplanet.de
         ldap suffix = dc=tronicplanet,dc=de
         ldap admin dn = uid=root,dc=tronicplanet,dc=de
         ldap ssl = no
         lock dir = /var/lock/samba30
         pid directory = /var/run/samba30
         socket address = 192.168.0.31
         host msdfs = Yes
#       admin users = @smbadm
#       printer admin = @smbprtadm
         printing = cups
         veto files = /*.eml/*.nws/riched20.dll/*.{*}/
         veto oplock files = /*.mdb/*.MDB/*.ldb/*.LDB/*.xls/*.XLS






More information about the samba mailing list