[Samba] Group mapping... static ???
ganael.laplanche at edfgdf.fr
Mon Aug 4 14:34:19 GMT 2003
I'm testing group mapping, wondering how It works exactly...
I thought Samba was storing a mapping table allowing to retreive infos on
Unix/Windows groups in a DYNAMIC way. Unfortunately, group mapping seems to
be static, here is what I did :
[I'm using Samba b3v3 + LDAP, WITHOUT nss-ldap/pam-ldap/winbind ->
everything is stored in my /etc/passwd and /etc/group + in LDAP for Samba
1) Created Unix group (let's say domusers) : groupadd domusers
2) Created LDAP group, with ldapadd, and a file containing :
3) Created Unix user (foo, primary group domusers) : useradd -g domusers
4) Created Group mapping : net groupmap add sid=<mySID>-513
unixgroup=domusers ntgroup="Domain Users" type=domain (then "net groupmap
5) Finally, created LDAP (samba) user : smbpasswd -a foo
Ok, no problem, foo gets the domain local sid + the domain users rid as
SambaPrimaryGroupSid, he IS a Win Domain User.
Here is what I don't understand : If I delete the groupmapping or modify
it, the SambaPrimaryGroupSid of foo isn't modified ! Foo remains a Domain
Another example : if I create first the user, then the mapping : the user
doens't get the new SambaPrimaryGroupSid and doesn't become a Domain
Am I missing something ? Is the mapping only used while creating users ? I
thought the table was used in a more dynamic way... Is there a technical
limit in implementing this function this way ? Please help me...
More information about the samba