[Samba] Re: Group mapping problem

Jérôme Fenal jerome.fenal at logicacmg.com
Tue Dec 16 14:04:52 GMT 2003 

Gonzalo Aguilera wrote:
> Hi,
> 
> I'm using tdb and Samba 3.0.0
> 
> in /etc/group I have
> 
>     domadm:x:502:yo,tu
> 
> net groupmap
> 
>     Domain Admins (S-1-5-21-1113206677-1823813211-1234567-512) -> domadm
> 

[snip]

>  root directory = administrator
Do you really need this one ?
Maybe it wont't find the administrator file system directory, and thus, 
won't find either the /etc/passwd and /etc/group ?

I also know of some problem with the secondary group specified in the 
valid users clause. But I encountered it only with W98 clients. Please 
see test 3. below to confirm bug with W2K client (samba bug 882).

Could you :
1. Try to use last version of Samba (3.0.1)
2. If 3.0.1 doesn't work, set the primary group of the user to 'Domain 
Admins' and retry
3. Provide a 'log level=10' log of only the access to the share (ie. > 
logfile before access, access it, cp logfile logfile.archive)

2. and 3. done with 3.0.1 if possible.
Please also specify the OS Samba's running on.

Regards,

Jêrôme

> 
> ----- Original Message -----
> From: "Jérôme Fenal" <jerome.fenal at logicacmg.com>
> To: <samba at lists.samba.org>
> Sent: Monday, December 15, 2003 1:55 PM
> Subject: [Samba] Re: Group mapping problem
> 
> 
> 
>>Gonzalo Aguilera wrote:
>>
>>>    Hi,
>>>
>>>        I have Samba 3 as Domain controller. From a Windows 2000
> 
> Professional I share a folder (c:\test) with access permission for certain
> domain user (MYDOMAIN\yo). I can access to that folder from other w2000 with
> that user validated into it. If I add that user to a unix group (domadm) and
> map this group to Domain Admins (net groupmap modify ntgroup="Domain Admins"
> unixgroup=domadm) and change w2000 shared folder access permission for group
> MYDOMAIN\Domain Admins I get Access Denied. What's wrong?

It also seems

> 
>>>    Thanks.
>>
>>Please include more informations about your setup :
>>- What sam type are you using (tdb, ldap, etc.) ?
>>- Include a copy of testparm output
>>- Include the content of the mapping (ie. which RID dd you give to the
>>domadmin group?)
>>- What version of Samba 3 (3.0.0, 3.0.1pre?, 3.0.1rc?)
>>- and any more information that would be valuable to answer you
>>
>>Regards,
>>
>>Jérôme
>>
>>--
>>Jérôme Fenal - Consultant Unix/SAN/Logiciel Libre
>>Groupe Expert & Managed Services - LogicaCMG France
>>http://www.logicacmg.com/fr/ - <mailto:jerome.fenal AT logicacmg.com>
>>
>>
>>--
>>To unsubscribe from this list go to the following URL and read the
>>instructions:  http://lists.samba.org/mailman/listinfo/samba
> 
>

More information about the samba mailing list