[Samba] domain groups
John H Terpstra
jht at samba.org
Mon Oct 20 16:53:48 GMT 2003
On Mon, 20 Oct 2003, Douglas Phillipson wrote:
> I have ACL's enabled and am getting a new error, in the Samba log (V
> 3.0.1Pre1, when attempting to set permissions on a file through Win2000:
>
> get_domain_user_groups: primary gid of user [terry] is not a Domain
> group !
> get_domain_user_groups: You should fix it, NT doesn't like that
The primary UNIX group for each user must map to a Domain group. That's
all it means.
> Do I need to create a group on the windows(2000) side? The entries in
> the domaingroup.map don't do this? Please be verbose in answering. A
> couple of good example wouldn't hurt also.
>
> I have a domain group map:
>
> domain group map = /etc/samba/domaingroup.map
>
> Contents of this map are:
>
> domuser = "Domain User"
> domadmin = "Domain Admin"
This is NOT supported in Samba-3. Instead you need to use the 'net
groupmap' facility to map UNIX groups to NT Groups. This is well
documented in chapter 12 of the Samba-HOWTO-Collection.pdf. I presume you
did read it?
To map the UNIX domuser group to Domain Users:
net groupmap modify ntgroup="Domain Users" unixgroup=domusers
> I have terry in /etc/group and passwd as such:
>
> /etc/passwd:
>
> terry:x:505:10000::/home/terry:/bin/bash
>
> /etc/group:
>
> domuser:x:10000:terry, phillipd
These entries are Ok.
- John T.
--
John H Terpstra
Email: jht at samba.org
More information about the samba
mailing list