[Samba] After Upgrading to rc4 (and still with 3.0.0) having
Groupmap problems.
David van Geyn
dataiv-lists-200308 at noc.peon.net
Sat Sep 27 02:02:31 GMT 2003
Hi,
Before Samba 3.0.0 RC4 I was running Samba 3.0.0 beta3, and when I
upgraded to RC4, I began having problems with group mappings. I didn't
notice at first, because on my laptop I don't normally log on to the
domain. I just noticed when I tried to use my desktop and log on to the
domain... I don't have Domain Admin privileges.
So, I look at 'net groupmap list' ... and it shows the Domain Admins group
as mapped to the unix group domadm. Looks good, right?
Domain Admins (S-1-5-21-3475858016-1413099138-3485012925-512) -> domadm
Next I tried deleting that groupmap by using 'net groupmap delete
sid=S-1-5-21-347...........' Now the groupmap was deleted and now shows
this:
Domain Admins (S-1-5-21-3475858016-1413099138-3485012925-512) -> -1
So now I try to re-add it: 'net groupmap add ntgroup="Domain Admins"
unixgroup=domadm' and list it again.
Domain Admins (S-1-5-21-3475858016-1413099138-3485012925-512) -> -1
Domain Admins (S-1-5-21-3475858016-1413099138-3485012925-2161) -> domadm
Now there are two Domain Admin mappings, one null (-1) and the new one I
just created. As far as I know, that new one should have gone to the one
with RID of 512. I checked to be sure, but NT/2000 is definitely looking
for the old Domain Admins group with RID of 512, and the Samba PDF doc
says Domain Admins should have an RID of 512.
So, I tried to add a groupmap with that SID specifically.
net groupmap add sid=S-1-5-21-3475858016-1413099138-3485012925-512
unixgroup=domadm
And I get this response:
adding entry for group domadm failed!
So then I try:
net groupmap add sid=S-1-5-21-3475858016-1413099138-3485012925-512
ntgroup="Domain Admins" unixgroup=domadm
And get the same:
adding entry for group Domain Admins failed!
---- I have run out of ideas for getting my groupmap working, but it is
becoming very strange to log on to PC's and not have Domain Admin
privileges. Hopefully there is an easy fix for this.
Anyone have any ideas? If you need any more information, please ask.
Thanks in advance,
David van Geyn
More information about the samba
mailing list