[Samba] net groupmap question

Sameer Zeidat sameerz at yahoo.com
Mon Jun 16 10:10:20 GMT 2003 

Hi ..

Can you give more details regarding groupmaps usage. 

The only difference that I've noticed after doing the mapping is the
names of groups in windows security settings boxes. For example,
instead of 'users' it's now showing 'Domain Users', instead of 'root'
it's now showing 'Domain Admins'. Is it just this butification effect?!

Underlying, the acl entries (if acl is enabled) or regular file modes
are applied in the same manner regardless if mapping is done or not.

Things I'm wondering about:
- Do groupmaps have any effect on samba if 'domain logons' (PDC) is on?
- Do groupmaps and idmaps realte (functionally) to each other in any
manner?

Many Thanks ..


--- John H Terpstra <jht at samba.org> wrote:
> On Mon, 16 Jun 2003, Sameer Zeidat wrote:
> 
> > Hi ..
> >
> > Thanks! It works now.
> >
> > However, I still get lots of the following in logs (which is why
> I'm
> > worrying about groupmaps in the first place):
> > [2003/06/16 10:04:35, 0]
> > rpc_server/srv_util.c:get_domain_user_groups(347)
> >   get_domain_user_groups: primary gid of user [root] is not a
> Domain
> > group !
> >   get_domain_user_groups: You should fix it, NT doesn't like that
> >
> > What do these mean?
> 
> You need to map the primary gid of your users to be "Domain Users" or
> some
> other "Domain XXXX" group.
> 
> ie: If your users all have primary group 100 == users (unix)
> then:
> 
> 	net groupmap modify ntgroup="Domain Users" unixgroup=users
> 
> This should get rid of the warning messages.
> 
> >
> > Another selly question, if anyone is patient enough to answer it,
> > what's the use of groupmaps? When would one need them?
> 
> To map NTgroups to Unix groups. Mostly done so you can set file
> system
> permissions.
> 
> - John T.
> 
> >
> > Many thanks ..
> >
> >
> > --- John H Terpstra <jht at samba.org> wrote:
> > > On Sun, 15 Jun 2003, Sameer Zeidat wrote:
> > >
> > > > Hi ..
> > > >
> > > > Can anyone help with this:
> > > >
> > > > Samba-3.0.0beta1 running in a stand-alone mode, tdbsam backend,
> no
> > > > idmap options set. When I add a group map using net groupmap
> > > between
> > > > unix:root and nt:Domain Admins, I get a successfull status
> message.
> > > >
> > > > Yet when I do net groupmap list, all groups still point to -->
> -1
> > > !!
> > > >
> > > > Am I missing something here??
> > >
> > > Did you do it this way?
> > >
> > > 	net groupmap modify ntgroup="Domain Users" unixgroup=users
> > >
> > > Note the word "modify" above. This one bit me hard too. :)
> > >
> > > - John T.
> > > --
> > > John H Terpstra
> > > Email: jht at samba.org
> >
> >
> > __________________________________
> > Do you Yahoo!?
> > SBC Yahoo! DSL - Now only $29.95 per month!
> > http://sbc.yahoo.com
> >
> 
> -- 
> John H Terpstra
> Email: jht at samba.org


__________________________________
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
http://sbc.yahoo.com

More information about the samba mailing list