[Samba] Net groupmap fails

Kent L. Nasveschuk kent at wareham.k12.ma.us
Fri Nov 7 11:31:39 GMT 2003


I have yet to get group mapping to work in samba 3.0. Getting very
frustrated.

I'm using openldap 2.1.23 as the backend database for samba 3.0.0. I've
added the base domain groups as posixAccounts to the LDAP database using
smbldap-populate.pl.

root@lnxsrvr2:/usr/local/etc/openldap# ldapsearch -xv -b "o=30greatneck,dc=home,dc=net"

# Administrator, Users, 30GreatNeck, home.net
dn: uid=Administrator,ou=Users,o=30GreatNeck,dc=home,dc=net
cn: Administrator
sn: Administrator
objectClass: inetOrgPerson
objectClass: sambaSAMAccount
objectClass: posixAccount
gidNumber: 512
uid: Administrator
uidNumber: 998
homeDirectory: /accounts
sambaPwdLastSet: 0
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
sambaHomePath: \\Lnxsrv2\accounts
sambaHomeDrive: H:
sambaProfilePath: \\Lnxsrv2\profiles\
sambaPrimaryGroupSID: S-1-5-21-739112995-4084651483-89095900-512
sambaLMPassword: XXX
sambaNTPassword: XXX
sambaAcctFlags: [U          ]
sambaSID: S-1-5-21-739112995-4084651483-89095900-2996
loginShell: /bin/false
gecos: Netbios Domain Administrator


# nobody, Users, 30GreatNeck, home.net
dn: uid=nobody,ou=Users,o=30GreatNeck,dc=home,dc=net
cn: nobody
sn: nobody
objectClass: inetOrgPerson
objectClass: sambaSAMAccount
objectClass: posixAccount
gidNumber: 514
uid: nobody
uidNumber: 999
homeDirectory: /dev/null
sambaPwdLastSet: 0
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
sambaHomePath: \\Lnxsrv2\accounts
sambaHomeDrive: H:
sambaProfilePath: \\Lnxsrv2\profiles\
sambaPrimaryGroupSID: S-1-5-21-739112995-4084651483-89095900-514
sambaLMPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
sambaNTPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
sambaAcctFlags: [NU         ]
sambaSID: S-1-5-21-739112995-4084651483-89095900-2998
loginShell: /bin/false
                                                                                
# Domain Admins, Groups, 30GreatNeck, home.net
dn: cn=Domain Admins,ou=Groups,o=30GreatNeck,dc=home,dc=net
objectClass: posixGroup
gidNumber: 512
cn: Domain Admins
memberUid: Administrator
description: Netbios Domain Administrators (need smb.conf configuration)
                                                                                
# Domain Users, Groups, 30GreatNeck, home.net
dn: cn=Domain Users,ou=Groups,o=30GreatNeck,dc=home,dc=net
objectClass: posixGroup
gidNumber: 513
cn: Domain Users
description: Netbios Domain Users (not implemented yet)
memberUid: kent
                                                                                
# Domain Guests, Groups, 30GreatNeck, home.net
dn: cn=Domain Guests,ou=Groups,o=30GreatNeck,dc=home,dc=net
objectClass: posixGroup
gidNumber: 514
cn: Domain Guests
description: Netbios Domain Guests Users (not implemented yet)
                                                                                
# Administrators, Groups, 30GreatNeck, home.net
dn: cn=Administrators,ou=Groups,o=30GreatNeck,dc=home,dc=net
objectClass: posixGroup
gidNumber: 544
cn: Administrators
description: Netbios Domain Members can fully administer the computer/sambaDomainName (not implemented yet)
                                                                                
# Users, Groups, 30GreatNeck, home.net
dn: cn=Users,ou=Groups,o=30GreatNeck,dc=home,dc=net
objectClass: posixGroup
gidNumber: 545
cn: Users
description: Netbios Domain Ordinary users (not implemented yet)

# Guests, Groups, 30GreatNeck, home.net
dn: cn=Guests,ou=Groups,o=30GreatNeck,dc=home,dc=net
objectClass: posixGroup
gidNumber: 546
cn: Guests
memberUid: nobody
description: Netbios Domain Users granted guest access to the computer/sambaDomainName (not implemented yet)
                                                                                
# Power Users, Groups, 30GreatNeck, home.net
dn: cn=Power Users,ou=Groups,o=30GreatNeck,dc=home,dc=net
objectClass: posixGroup
gidNumber: 547
cn: Power Users
description: Netbios Domain Members can share directories and printers (not implemented yet)
                                                                                
# Account Operators, Groups, 30GreatNeck, home.net
dn: cn=Account Operators,ou=Groups,o=30GreatNeck,dc=home,dc=net
objectClass: posixGroup
gidNumber: 548
cn: Account Operators
description: Netbios Domain Users to manipulate users accounts (not implemented yet)
                                                                                
# Server Operators, Groups, 30GreatNeck, home.net
dn: cn=Server Operators,ou=Groups,o=30GreatNeck,dc=home,dc=net
objectClass: posixGroup
gidNumber: 549
cn: Server Operators
description: Netbios Domain Server Operators (need smb.conf configuration)

# Print Operators, Groups, 30GreatNeck, home.net
dn: cn=Print Operators,ou=Groups,o=30GreatNeck,dc=home,dc=net
objectClass: posixGroup
gidNumber: 550
cn: Print Operators
description: Netbios Domain Print Operators (need smb.conf configuration)
                                                                                
# Backup Operators, Groups, 30GreatNeck, home.net
dn: cn=Backup Operators,ou=Groups,o=30GreatNeck,dc=home,dc=net
objectClass: posixGroup
gidNumber: 551
cn: Backup Operators
description: Netbios Domain Members can bypass file security to back up files (not implemented yet)
                                                                                
# Replicator, Groups, 30GreatNeck, home.net
dn: cn=Replicator,ou=Groups,o=30GreatNeck,dc=home,dc=net
objectClass: posixGroup
gidNumber: 552
cn: Replicator
description: Netbios Domain Supports file replication in a sambaDomainName (not implemented yet)
                                                                                
# Domain Computers, Groups, 30GreatNeck, home.net
dn: cn=Domain Computers,ou=Groups,o=30GreatNeck,dc=home,dc=net
objectClass: posixGroup
gidNumber: 553
cn: Domain Computers
description: Netbios Domain Computers accounts
                                                                                
# 30GREATNECK, 30GreatNeck, home.net
dn: sambaDomainName=30GREATNECK,o=30GreatNeck,dc=home,dc=net
sambaDomainName: 30GREATNECK
sambaSID: S-1-5-21-739112995-4084651483-89095900
sambaAlgorithmicRidBase: 1000
objectClass: sambaDomain


/usr/local/src# /usr/local/samba/bin/net groupmap add ntgroup="Domain Admins" unixgroup=root rid=512
adding entry for group Domain Admins failed!

/usr/local/samba/bin/net groupmap modify ntgroup="Domain Admins" unixgroup=root
NT Group Domain Admins doesn't exist in mapping DB

I also tried the above

I know I need to map Domain Admins to root users to be able to create
machine accounts for W2k machines. 

What are some reasons for this to fail? I've read a great deal of
documentation and everything I try fails.

-- 
Kent L. Nasveschuk <kent at wareham.k12.ma.us>



