[Samba] net groupmap question

John H Terpstra jht at samba.org
Mon Jun 16 13:39:12 GMT 2003


Sameer,

Sorry, further information needs to wait until current work in this area
is complete. This stuff will be much better documented in the HOWTO
Collection before samba-3.0.0 ships.

- John T.

On Mon, 16 Jun 2003, Sameer Zeidat wrote:

> Hi ..
>
> Can you give more details regarding groupmaps usage.
>
> The only difference that I've noticed after doing the mapping is the
> names of groups in windows security settings boxes. For example,
> instead of 'users' it's now showing 'Domain Users', instead of 'root'
> it's now showing 'Domain Admins'. Is it just this butification effect?!
>
> Underlying, the acl entries (if acl is enabled) or regular file modes
> are applied in the same manner regardless if mapping is done or not.
>
> Things I'm wondering about:
> - Do groupmaps have any effect on samba if 'domain logons' (PDC) is on?
> - Do groupmaps and idmaps realte (functionally) to each other in any
> manner?
>
> Many Thanks ..
>
>
> --- John H Terpstra <jht at samba.org> wrote:
> > On Mon, 16 Jun 2003, Sameer Zeidat wrote:
> >
> > > Hi ..
> > >
> > > Thanks! It works now.
> > >
> > > However, I still get lots of the following in logs (which is why
> > I'm
> > > worrying about groupmaps in the first place):
> > > [2003/06/16 10:04:35, 0]
> > > rpc_server/srv_util.c:get_domain_user_groups(347)
> > >   get_domain_user_groups: primary gid of user [root] is not a
> > Domain
> > > group !
> > >   get_domain_user_groups: You should fix it, NT doesn't like that
> > >
> > > What do these mean?
> >
> > You need to map the primary gid of your users to be "Domain Users" or
> > some
> > other "Domain XXXX" group.
> >
> > ie: If your users all have primary group 100 == users (unix)
> > then:
> >
> > 	net groupmap modify ntgroup="Domain Users" unixgroup=users
> >
> > This should get rid of the warning messages.
> >
> > >
> > > Another selly question, if anyone is patient enough to answer it,
> > > what's the use of groupmaps? When would one need them?
> >
> > To map NTgroups to Unix groups. Mostly done so you can set file
> > system
> > permissions.
> >
> > - John T.
> >
> > >
> > > Many thanks ..
> > >
> > >
> > > --- John H Terpstra <jht at samba.org> wrote:
> > > > On Sun, 15 Jun 2003, Sameer Zeidat wrote:
> > > >
> > > > > Hi ..
> > > > >
> > > > > Can anyone help with this:
> > > > >
> > > > > Samba-3.0.0beta1 running in a stand-alone mode, tdbsam backend,
> > no
> > > > > idmap options set. When I add a group map using net groupmap
> > > > between
> > > > > unix:root and nt:Domain Admins, I get a successfull status
> > message.
> > > > >
> > > > > Yet when I do net groupmap list, all groups still point to -->
> > -1
> > > > !!
> > > > >
> > > > > Am I missing something here??
> > > >
> > > > Did you do it this way?
> > > >
> > > > 	net groupmap modify ntgroup="Domain Users" unixgroup=users
> > > >
> > > > Note the word "modify" above. This one bit me hard too. :)
> > > >
> > > > - John T.
> > > > --
> > > > John H Terpstra
> > > > Email: jht at samba.org
> > >
> > >
> > > __________________________________
> > > Do you Yahoo!?
> > > SBC Yahoo! DSL - Now only $29.95 per month!
> > > http://sbc.yahoo.com
> > >
> >
> > --
> > John H Terpstra
> > Email: jht at samba.org
>
>
> __________________________________
> Do you Yahoo!?
> SBC Yahoo! DSL - Now only $29.95 per month!
> http://sbc.yahoo.com
>

-- 
John H Terpstra
Email: jht at samba.org



More information about the samba mailing list