Réf. : [Samba] Net groupmap fails

Kent L. Nasveschuk kent at wareham.k12.ma.us
Fri Nov 7 13:14:32 GMT 2003


Stephanie,
Thank you for your help. I tryed what you suggest but no luck.. I get
this:

root at lnxsrvr2:~# /usr/local/samba/bin/net groupmap add ntgroup="Domain
Admins" unixgroup="Domain Admins" rid=512
Can't lookup UNIX group Domain Admins

Is there something with initial compiling samba 3.0.0 that would disable
this? All the documentation that I've seen makes it look so easy, but I
can't get it to work. 

On Fri, 2003-11-07 at 06:48, stephane.purnelle at corman.be wrote:
> try /usr/local/samba/bin/net groupmap add ntgroup="Domain
> Admins" unixgroup="Domain Admins" rid=512
> 
> dn: cn=Domain Admins,ou=Groups,o=30GreatNeck,dc=home,dc=net
> objectClass: posixGroup
> 
> This group is the unix group.
> 
> -----------------------------------
> Stéphane PURNELLE                         stephane.purnelle at corman.be
> Service Informatique       Corman S.A.           Tel : 00 32 087/342467
> 
> 
>                                                                                                                                                      
>                     "Kent L. Nasveschuk" <kent at wareham.k12.ma.us>                                                                                    
>                     Envoyé par :                                           Pour :  Samba List Server <samba at lists.samba.org>                         
>                     samba-bounces+stephane.purnelle=corman.be at lists        cc :                                                                      
>                     .samba.org                                             Objet :      [Samba] Net groupmap fails                                   
>                                                                                                                                                      
>                                                                                                                                                      
>                     07/11/2003 12:31                                                                                                                 
>                                                                                                                                                      
>                                                                                                                                                      
> 
> 
> 
> 
> I have yet to get group mapping to work in samba 3.0. Getting very
> frustrated.
> 
> I'm using openldap 2.1.23 as the backend database for samba 3.0.0. I've
> added the base domain groups as posixAccounts to the LDAP database using
> smbldap-populate.pl.
> 
> root at lnxsrvr2:/usr/local/etc/openldap# ldapsearch -xv -b
> "o=30greatneck,dc=home,dc=net"
> 
> # Administrator, Users, 30GreatNeck, home.net
> dn: uid=Administrator,ou=Users,o=30GreatNeck,dc=home,dc=net
> cn: Administrator
> sn: Administrator
> objectClass: inetOrgPerson
> objectClass: sambaSAMAccount
> objectClass: posixAccount
> gidNumber: 512
> uid: Administrator
> uidNumber: 998
> homeDirectory: /accounts
> sambaPwdLastSet: 0
> sambaLogonTime: 0
> sambaLogoffTime: 2147483647
> sambaKickoffTime: 2147483647
> sambaPwdCanChange: 0
> sambaPwdMustChange: 2147483647
> sambaHomePath: \\Lnxsrv2\accounts
> sambaHomeDrive: H:
> sambaProfilePath: \\Lnxsrv2\profiles\
> sambaPrimaryGroupSID: S-1-5-21-739112995-4084651483-89095900-512
> sambaLMPassword: XXX
> sambaNTPassword: XXX
> sambaAcctFlags: [U          ]
> sambaSID: S-1-5-21-739112995-4084651483-89095900-2996
> loginShell: /bin/false
> gecos: Netbios Domain Administrator
> 
> 
> # nobody, Users, 30GreatNeck, home.net
> dn: uid=nobody,ou=Users,o=30GreatNeck,dc=home,dc=net
> cn: nobody
> sn: nobody
> objectClass: inetOrgPerson
> objectClass: sambaSAMAccount
> objectClass: posixAccount
> gidNumber: 514
> uid: nobody
> uidNumber: 999
> homeDirectory: /dev/null
> sambaPwdLastSet: 0
> sambaLogonTime: 0
> sambaLogoffTime: 2147483647
> sambaKickoffTime: 2147483647
> sambaPwdCanChange: 0
> sambaPwdMustChange: 2147483647
> sambaHomePath: \\Lnxsrv2\accounts
> sambaHomeDrive: H:
> sambaProfilePath: \\Lnxsrv2\profiles\
> sambaPrimaryGroupSID: S-1-5-21-739112995-4084651483-89095900-514
> sambaLMPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
> sambaNTPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
> sambaAcctFlags: [NU         ]
> sambaSID: S-1-5-21-739112995-4084651483-89095900-2998
> loginShell: /bin/false
> 
> # Domain Admins, Groups, 30GreatNeck, home.net
> 
> # Domain Admins, Groups, 30GreatNeck, home.net
> dn: cn=Domain Admins,ou=Groups,o=30GreatNeck,dc=home,dc=net
> objectClass: posixGroup
> gidNumber: 512
> cn: Domain Admins
> memberUid: Administrator
> description: Netbios Domain Administrators (need smb.conf configuration)
> 
> # Domain Users, Groups, 30GreatNeck, home.net
> dn: cn=Domain Users,ou=Groups,o=30GreatNeck,dc=home,dc=net
> objectClass: posixGroup
> gidNumber: 513
> cn: Domain Users
> description: Netbios Domain Users (not implemented yet)
> memberUid: kent
> 
> # Domain Guests, Groups, 30GreatNeck, home.net
> dn: cn=Domain Guests,ou=Groups,o=30GreatNeck,dc=home,dc=net
> objectClass: posixGroup
> gidNumber: 514
> cn: Domain Guests
> description: Netbios Domain Guests Users (not implemented yet)
> 
> # Administrators, Groups, 30GreatNeck, home.net
> dn: cn=Administrators,ou=Groups,o=30GreatNeck,dc=home,dc=net
> objectClass: posixGroup
> gidNumber: 544
> cn: Administrators
> description: Netbios Domain Members can fully administer the
> computer/sambaDom
>  ainName (not implemented yet)
> 
> # Users, Groups, 30GreatNeck, home.net
> dn: cn=Users,ou=Groups,o=30GreatNeck,dc=home,dc=net
> objectClass: posixGroup
> gidNumber: 545
> cn: Users
> description: Netbios Domain Ordinary users (not implemented yet)
> 
> # Guests, Groups, 30GreatNeck, home.net
> dn: cn=Guests,ou=Groups,o=30GreatNeck,dc=home,dc=net
> objectClass: posixGroup
> gidNumber: 546
> cn: Guests
> memberUid: nobody
> description: Netbios Domain Users granted guest access to the
> computer/sambaDo
>  mainName (not implemented yet)
> 
> # Power Users, Groups, 30GreatNeck, home.net
> dn: cn=Power Users,ou=Groups,o=30GreatNeck,dc=home,dc=net
> objectClass: posixGroup
> gidNumber: 547
> cn: Power Users
> description: Netbios Domain Members can share directories and printers
> (not im
>  plemented yet)
> 
> # Account Operators, Groups, 30GreatNeck, home.net
> dn: cn=Account Operators,ou=Groups,o=30GreatNeck,dc=home,dc=net
> objectClass: posixGroup
> gidNumber: 548
> cn: Account Operators
> description: Netbios Domain Users to manipulate users accounts (not
> implemente
>  d yet)
> 
> # Server Operators, Groups, 30GreatNeck, home.net
> dn: cn=Server Operators,ou=Groups,o=30GreatNeck,dc=home,dc=net
> objectClass: posixGroup
> gidNumber: 549
> cn: Server Operators
> description: Netbios Domain Server Operators (need smb.conf
> configuration)
> 
> # Print Operators, Groups, 30GreatNeck, home.net
> dn: cn=Print Operators,ou=Groups,o=30GreatNeck,dc=home,dc=net
> objectClass: posixGroup
> gidNumber: 550
> cn: Print Operators
> description: Netbios Domain Print Operators (need smb.conf
> configuration)
> 
> # Backup Operators, Groups, 30GreatNeck, home.net
> dn: cn=Backup Operators,ou=Groups,o=30GreatNeck,dc=home,dc=net
> objectClass: posixGroup
> gidNumber: 551
> cn: Backup Operators
> description: Netbios Domain Members can bypass file security to back up
> files
>  (not implemented yet)
> 
> # Replicator, Groups, 30GreatNeck, home.net
> dn: cn=Replicator,ou=Groups,o=30GreatNeck,dc=home,dc=net
> objectClass: posixGroup
> gidNumber: 552
> cn: Replicator
> description: Netbios Domain Supports file replication in a
> sambaDomainName (no
>  t implemented yet)
> 
> # Domain Computers, Groups, 30GreatNeck, home.net
> dn: cn=Domain Computers,ou=Groups,o=30GreatNeck,dc=home,dc=net
> objectClass: posixGroup
> gidNumber: 553
> cn: Domain Computers
> description: Netbios Domain Computers accounts
> 
> # 30GREATNECK, 30GreatNeck, home.net
> dn: sambaDomainName=30GREATNECK,o=30GreatNeck,dc=home,dc=net
> sambaDomainName: 30GREATNECK
> sambaSID: S-1-5-21-739112995-4084651483-89095900
> sambaAlgorithmicRidBase: 1000
> objectClass: sambaDomain
> 
> 
> /usr/local/src# /usr/local/samba/bin/net groupmap add ntgroup="Domain
> Admins" unixgroup=root rid=512
> adding entry for group Domain Admins failed!
> 
> /usr/local/samba/bin/net groupmap modify ntgroup="Domain Admins"
> unixgroup=root
> NT Group Domain Admins doesn't exist in mapping DB
> 
> I also tryed the above
> 
> I know I need to map Domain Admins to root users to be able to create
> machine accounts for W2k machines.
> 
> What are some reasons for this to fail? I've read a great deal of
> documentation and everything I try fails.
> 
> --
> Kent L. Nasveschuk <kent at wareham.k12.ma.us>
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
> 
> 
-- 
Kent L. Nasveschuk <kent at wareham.k12.ma.us>




More information about the samba mailing list