[Samba] Groups problem

John H Terpstra jht at samba.org
Tue Nov 4 16:25:55 GMT 2003 

On Tue, 4 Nov 2003, Milos Webmail wrote:

> We would like to migrate grom Winnt 4.0 to Samba 3 with ldap support. We
> have installed openldap on Rh 2.1 AS and created starting databases with
> IDEALX.org scripts. Now i have added computer to domain no problems and
> than I tried to migrate users and groups, but only user migrate but
> there is a problem "  Primary group of Administrator has no mapping!" (
> this is error for every user).
>
> Then I try to assign Unix group to nt group:
>
> [root at kekec milos]# net groupmap modify ntgroup="Domain Admins"
> unixgroup=root
>
> NT Group Domain Admins doesn't exist in mapping DB

That's correct. If you use "tdbsam" these are automatically created. You
can then migrate them to LDAP using:

	pdbedit -i tdbsam -e ldapsam

If you go directly to LDAP you have to create all group entries yourself.
The right way to do that is:

	net groupmap add ntgroup="Domain Admins" unixgroup=root rid=512

>
> Or
>
> [root at kekec milos]# net groupmap modify ntgroup="Domain Admins"
> unixgroup=root rid=512
>
> Bad option: rid=512

Yes, correct. You can not modify something that does not exist. :)

>
> Does any one have any idea what i'm doing wrong ????


Did you check if ANY NT Group that has a space in the name created a UNIX
group account? You will most likely find it did not because the "groupadd"
utility will not allow you to do that. :)

The work around is the script provided in the Samba-HOWTO-Collection.


- John T.
>
>
>
> Regards, Milos
>
>
>
>
>
> [root at kekec milos]# net rpc vampire -S server -U Administrator
>
> Fetching DOMAIN database
>
> SAM_DELTA_DOMAIN_INFO not handled
>
> Creating unix group: 'Domain Admins'
>
> Creating unix group: 'Domain Users'
>
> Creating unix group: 'Domain Guests'
>
> Creating unix group: 'Uprava'
>
> Creating unix group: 'Mail'
>
> Creating unix group: 'Spin'
>
> Creating unix group: 'MTS Trusted Impersonators'
>
> Creating unix group: 'Birpis'
>
> Creating unix group: 'Lirpis'
>
> Creating account: Administrator
>
> [2003/11/04 15:14:09, 0] utils/net_rpc_samsync.c:fetch_account_info(488)
>
>   Primary group of Administrator has no mapping!
>
> Creating account: Guest
>
> [2003/11/04 15:14:09, 0] utils/net_rpc_samsync.c:fetch_account_info(488)
>
>

-- 
John H Terpstra
Email: jht at samba.org

More information about the samba mailing list