Re: [Samba] Net groupmap fails

John H Terpstra jht at samba.org
Fri Nov 7 15:50:15 GMT 2003


On Fri, 7 Nov 2003, Kent L. Nasveschuk wrote:

> Stephanie,
> Thank you for your help. I tried what you suggest but no luck. I get
> this:
>
> root at lnxsrvr2:~# /usr/local/samba/bin/net groupmap add ntgroup="Domain Admins" unixgroup="Domain Admins" rid=512
> Can't lookup UNIX group Domain Admins
>
> Is there something with initial compiling samba 3.0.0 that would disable
> this? All the documentation that I've seen makes it look so easy, but I
> can't get it to work.

No. You need to add scripts that will work on your system for entries
like:

	add machine script
	add user script
	add group script

Here are the minimal entries for my current network configuration:

        add user script = /usr/sbin/useradd -m %u
        delete user script = /usr/sbin/userdel -r %u
        add group script = /usr/sbin/groupadd %g
        delete group script = /usr/sbin/groupdel %g
        add user to group script = /usr/sbin/usermod -G %g %u
        add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null %u

I hope this helps you.

Note: The Linux "groupadd" utility will NOT allow you to add a group that
has upper case characters or spaces in it!

Cheers,
John T.

>
> On Fri, 2003-11-07 at 06:48, stephane.purnelle at corman.be wrote:
> > try /usr/local/samba/bin/net groupmap add ntgroup="Domain Admins" unixgroup="Domain Admins" rid=512
> >
> > dn: cn=Domain Admins,ou=Groups,o=30GreatNeck,dc=home,dc=net
> > objectClass: posixGroup
> >
> > This group is the unix group.
> >
> > -----------------------------------
> > Stéphane PURNELLE                         stephane.purnelle at corman.be
> > Service Informatique       Corman S.A.           Tel : 00 32 087/342467
> >
> >
> > "Kent L. Nasveschuk" <kent at wareham.k12.ma.us>
> > Sent by: samba-bounces+stephane.purnelle=corman.be at lists.samba.org
> > To: Samba List Server <samba at lists.samba.org>
> > cc:
> > Subject: [Samba] Net groupmap fails
> > 07/11/2003 12:31
> >
> > I have yet to get group mapping to work in samba 3.0. Getting very
> > frustrated.
> >
> > I'm using openldap 2.1.23 as the backend database for samba 3.0.0. I've
> > added the base domain groups as posixAccounts to the LDAP database using
> > smbldap-populate.pl.
> >
> > root at lnxsrvr2:/usr/local/etc/openldap# ldapsearch -xv -b "o=30greatneck,dc=home,dc=net"
> >
> > # Administrator, Users, 30GreatNeck, home.net
> > dn: uid=Administrator,ou=Users,o=30GreatNeck,dc=home,dc=net
> > cn: Administrator
> > sn: Administrator
> > objectClass: inetOrgPerson
> > objectClass: sambaSAMAccount
> > objectClass: posixAccount
> > gidNumber: 512
> > uid: Administrator
> > uidNumber: 998
> > homeDirectory: /accounts
> > sambaPwdLastSet: 0
> > sambaLogonTime: 0
> > sambaLogoffTime: 2147483647
> > sambaKickoffTime: 2147483647
> > sambaPwdCanChange: 0
> > sambaPwdMustChange: 2147483647
> > sambaHomePath: \\Lnxsrv2\accounts
> > sambaHomeDrive: H:
> > sambaProfilePath: \\Lnxsrv2\profiles\
> > sambaPrimaryGroupSID: S-1-5-21-739112995-4084651483-89095900-512
> > sambaLMPassword: XXX
> > sambaNTPassword: XXX
> > sambaAcctFlags: [U          ]
> > sambaSID: S-1-5-21-739112995-4084651483-89095900-2996
> > loginShell: /bin/false
> > gecos: Netbios Domain Administrator
> >
> >
> > # nobody, Users, 30GreatNeck, home.net
> > dn: uid=nobody,ou=Users,o=30GreatNeck,dc=home,dc=net
> > cn: nobody
> > sn: nobody
> > objectClass: inetOrgPerson
> > objectClass: sambaSAMAccount
> > objectClass: posixAccount
> > gidNumber: 514
> > uid: nobody
> > uidNumber: 999
> > homeDirectory: /dev/null
> > sambaPwdLastSet: 0
> > sambaLogonTime: 0
> > sambaLogoffTime: 2147483647
> > sambaKickoffTime: 2147483647
> > sambaPwdCanChange: 0
> > sambaPwdMustChange: 2147483647
> > sambaHomePath: \\Lnxsrv2\accounts
> > sambaHomeDrive: H:
> > sambaProfilePath: \\Lnxsrv2\profiles\
> > sambaPrimaryGroupSID: S-1-5-21-739112995-4084651483-89095900-514
> > sambaLMPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
> > sambaNTPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
> > sambaAcctFlags: [NU         ]
> > sambaSID: S-1-5-21-739112995-4084651483-89095900-2998
> > loginShell: /bin/false
> >
> > # Domain Admins, Groups, 30GreatNeck, home.net
> > dn: cn=Domain Admins,ou=Groups,o=30GreatNeck,dc=home,dc=net
> > objectClass: posixGroup
> > gidNumber: 512
> > cn: Domain Admins
> > memberUid: Administrator
> > description: Netbios Domain Administrators (need smb.conf configuration)
> >
> > # Domain Users, Groups, 30GreatNeck, home.net
> > dn: cn=Domain Users,ou=Groups,o=30GreatNeck,dc=home,dc=net
> > objectClass: posixGroup
> > gidNumber: 513
> > cn: Domain Users
> > description: Netbios Domain Users (not implemented yet)
> > memberUid: kent
> >
> > # Domain Guests, Groups, 30GreatNeck, home.net
> > dn: cn=Domain Guests,ou=Groups,o=30GreatNeck,dc=home,dc=net
> > objectClass: posixGroup
> > gidNumber: 514
> > cn: Domain Guests
> > description: Netbios Domain Guests Users (not implemented yet)
> >
> > # Administrators, Groups, 30GreatNeck, home.net
> > dn: cn=Administrators,ou=Groups,o=30GreatNeck,dc=home,dc=net
> > objectClass: posixGroup
> > gidNumber: 544
> > cn: Administrators
> > description: Netbios Domain Members can fully administer the computer/sambaDomainName (not implemented yet)
> >
> > # Users, Groups, 30GreatNeck, home.net
> > dn: cn=Users,ou=Groups,o=30GreatNeck,dc=home,dc=net
> > objectClass: posixGroup
> > gidNumber: 545
> > cn: Users
> > description: Netbios Domain Ordinary users (not implemented yet)
> >
> > # Guests, Groups, 30GreatNeck, home.net
> > dn: cn=Guests,ou=Groups,o=30GreatNeck,dc=home,dc=net
> > objectClass: posixGroup
> > gidNumber: 546
> > cn: Guests
> > memberUid: nobody
> > description: Netbios Domain Users granted guest access to the computer/sambaDomainName (not implemented yet)
> >
> > # Power Users, Groups, 30GreatNeck, home.net
> > dn: cn=Power Users,ou=Groups,o=30GreatNeck,dc=home,dc=net
> > objectClass: posixGroup
> > gidNumber: 547
> > cn: Power Users
> > description: Netbios Domain Members can share directories and printers (not implemented yet)
> >
> > # Account Operators, Groups, 30GreatNeck, home.net
> > dn: cn=Account Operators,ou=Groups,o=30GreatNeck,dc=home,dc=net
> > objectClass: posixGroup
> > gidNumber: 548
> > cn: Account Operators
> > description: Netbios Domain Users to manipulate users accounts (not implemented yet)
> >
> > # Server Operators, Groups, 30GreatNeck, home.net
> > dn: cn=Server Operators,ou=Groups,o=30GreatNeck,dc=home,dc=net
> > objectClass: posixGroup
> > gidNumber: 549
> > cn: Server Operators
> > description: Netbios Domain Server Operators (need smb.conf configuration)
> >
> > # Print Operators, Groups, 30GreatNeck, home.net
> > dn: cn=Print Operators,ou=Groups,o=30GreatNeck,dc=home,dc=net
> > objectClass: posixGroup
> > gidNumber: 550
> > cn: Print Operators
> > description: Netbios Domain Print Operators (need smb.conf configuration)
> >
> > # Backup Operators, Groups, 30GreatNeck, home.net
> > dn: cn=Backup Operators,ou=Groups,o=30GreatNeck,dc=home,dc=net
> > objectClass: posixGroup
> > gidNumber: 551
> > cn: Backup Operators
> > description: Netbios Domain Members can bypass file security to back up files (not implemented yet)
> >
> > # Replicator, Groups, 30GreatNeck, home.net
> > dn: cn=Replicator,ou=Groups,o=30GreatNeck,dc=home,dc=net
> > objectClass: posixGroup
> > gidNumber: 552
> > cn: Replicator
> > description: Netbios Domain Supports file replication in a sambaDomainName (not implemented yet)
> >
> > # Domain Computers, Groups, 30GreatNeck, home.net
> > dn: cn=Domain Computers,ou=Groups,o=30GreatNeck,dc=home,dc=net
> > objectClass: posixGroup
> > gidNumber: 553
> > cn: Domain Computers
> > description: Netbios Domain Computers accounts
> >
> > # 30GREATNECK, 30GreatNeck, home.net
> > dn: sambaDomainName=30GREATNECK,o=30GreatNeck,dc=home,dc=net
> > sambaDomainName: 30GREATNECK
> > sambaSID: S-1-5-21-739112995-4084651483-89095900
> > sambaAlgorithmicRidBase: 1000
> > objectClass: sambaDomain
> >
> >
> > /usr/local/src# /usr/local/samba/bin/net groupmap add ntgroup="Domain Admins" unixgroup=root rid=512
> > adding entry for group Domain Admins failed!
> >
> > /usr/local/samba/bin/net groupmap modify ntgroup="Domain Admins" unixgroup=root
> > NT Group Domain Admins doesn't exist in mapping DB
> >
> > I also tried the above
> >
> > I know I need to map Domain Admins to root users to be able to create
> > machine accounts for W2k machines.
> >
> > What are some reasons for this to fail? I've read a great deal of
> > documentation and everything I try fails.
> >
> > --
> > Kent L. Nasveschuk <kent at wareham.k12.ma.us>
>

-- 
John H Terpstra
Email: jht at samba.org
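
Added example (not part of the original thread and not Samba's own code): a pre-flight check for the failure discussed above. "net groupmap add" needs the UNIX group to resolve through the system group lookup, which "getent group" exercises; the name check models only the groupadd restriction from John's note. The function names are hypothetical.

```shell
#!/bin/sh
# Pre-flight checks to run before "net groupmap add" (added example).

# Succeeds when the name passes the groupadd restriction described in the
# thread: no upper-case characters and no spaces. The real utility may
# reject more than this; only the stated restriction is modelled.
groupadd_name_ok() {
    [ -n "$1" ] || return 1
    if printf '%s' "$1" | LC_ALL=C grep -q '[A-Z[:space:]]'; then
        return 1
    fi
    return 0
}

# Succeeds when the system can resolve the group by name through NSS
# (local files, LDAP, ...). "Can't lookup UNIX group" is this lookup failing.
unix_group_resolves() {
    getent group "$1" >/dev/null 2>&1
}

# Diagnose one mapping. Prints the command to run and returns 0 only when
# the UNIX group resolves; otherwise prints why and returns 1.
preflight_groupmap() {
    pf_ntgroup=$1
    pf_unixgroup=$2
    pf_rid=$3
    if unix_group_resolves "$pf_unixgroup"; then
        echo "ok: net groupmap add ntgroup=\"$pf_ntgroup\" unixgroup=\"$pf_unixgroup\" rid=$pf_rid"
        return 0
    fi
    if groupadd_name_ok "$pf_unixgroup"; then
        echo "missing: '$pf_unixgroup' does not resolve; create it with groupadd or fix the group lookup"
    else
        echo "missing: '$pf_unixgroup' does not resolve and groupadd would refuse the name; map to a lower-case UNIX group or make the LDAP group visible to the system"
    fi
    return 1
}

# The mapping attempted in the thread.
preflight_groupmap "Domain Admins" "Domain Admins" 512 || true
```

An "ok:" line means the lookup that failed in the thread now succeeds, so the printed command can be run as root.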


