[Samba] After Upgrading to rc4 (and still with 3.0.0) having Groupmap problems.

John H Terpstra jht at samba.org
Sat Sep 27 05:45:16 GMT 2003 

On Fri, 26 Sep 2003, David van Geyn wrote:

> Hi,
>
> Before Samba 3.0.0 RC4 I was running Samba 3.0.0 beta3, and when I
> upgraded to RC4, I began having problems with group mappings. I didn't
> notice at first, because on my laptop I don't normally log on to the
> domain. I just noticed when I tried to use my desktop and log on to the
> domain... I don't have Domain Admin privileges.
>
> So, I look at 'net groupmap list' ... and it shows the Domain Admins group
> as mapped to the unix group domadm. Looks good, right?
>
> Domain Admins (S-1-5-21-3475858016-1413099138-3485012925-512) -> domadm
>
> Next I tried deleting that groupmap by using 'net groupmap delete
> sid=S-1-5-21-347...........' Now the groupmap was deleted and now shows
> this:
>
> Domain Admins (S-1-5-21-3475858016-1413099138-3485012925-512) -> -1
>
> So now I try to re-add it: 'net groupmap add ntgroup="Domain Admins"
> unixgroup=domadm' and list it again.
>
> Domain Admins (S-1-5-21-3475858016-1413099138-3485012925-512) -> -1
> Domain Admins (S-1-5-21-3475858016-1413099138-3485012925-2161) -> domadm
>
> Now there are two Domain Admin mappings, one null (-1) and the new one I
> just created. As far as I know, that new one should have gone to the one
> with RID of 512. I checked to be sure, but NT/2000 is definitely looking
> for the old Domain Admins group with RID of 512, and the Samba PDF doc
> says Domain Admins should have an RID of 512.
>
> So, I tried to add a groupmap with that SID specifically.
>
> net groupmap add sid=S-1-5-21-3475858016-1413099138-3485012925-512
> unixgroup=domadm

To change an existing entry:

net groupmap modify ntgroup="Domain Admins" unixgroup=root

To delete the spurious entry:

net groupmap delete ntgroup="Domain Admins" unixgroup=domadm

- John T.

>
> And I get this response:
>
> adding entry for group domadm failed!
>
> So then I try:
>
> net groupmap add sid=S-1-5-21-3475858016-1413099138-3485012925-512
> ntgroup="Domain Admins" unixgroup=domadm
>
> And get the same:
>
> adding entry for group Domain Admins failed!
>
>
> ---- I have run out of ideas for getting my groupmap working, but it is
> becoming very strange to log on to PC's and not have Domain Admin
> privileges. Hopefully there is an easy fix for this.
>
> Anyone have any ideas? If you need any more information, please ask.
>
> Thanks in advance,
>
> David van Geyn
>

-- 
John H Terpstra
Email: jht at samba.org

More information about the samba mailing list