[Samba] going from bad to worse

John H Terpstra samba at primastasys.com
Tue Aug 17 16:53:43 GMT 2004


Greg,

>From your groupmappings it appears that you have changed either the
hostname or the workgroup name (or both). This will generate a new
domain SID.
Unfortunately, Samba does not do housekeeping on the file this is stored
in and the "net groupmap" tool will not allow you to delete entries for
a domain SID that is foreign to the current one.

The way you can clear up the groupmapping is by stopping samba nmbd and
smbd. The delete the group_mapping.tdb file - it should be in the
/var/lib/samba directory, or in /var/cache/samba, or in
/usr/local/samba/var/locks (depends on how Samba was compiled).

Then you can restart Samba and remapp your groups. The only groups that
must be mapped are the Domain groups. You can do this by:
     net groupmap modify ntgroup="Domain Users" unixgroup=users

- John T.
---
John H Terpstra
Samba-Team
email: jht at samba.org


> -------- Original Message --------
> Subject: [Samba] going from bad to worse
> From: "Greg Andrews" <andrews at rgt.com.au>
> Date: Tue, August 17, 2004 5:28 am
> To: samba at lists.samba.org
> 
> Howdy People,
> 
> Since my last posting things have definitely taken a turn for the worse
> 
> The XP clients cannot now even find the domain controller !!
> 
> my smb.conf file is
> 
> [global]
> log file = /var/log/samba/log.%m
> load printers = no
> name resolve order = wins bcast lmhosts host
> admin users = @admingrp
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> obey pam restrictions = Yes
> lm announce = True
> domain master = True
> username map = /etc/samba/user.map
> encrypt passwords = yes
> passwd program = /usr/bin/passwd %u
> wins support = true
> dns proxy = No
> netbios name = SAMBASERVER
> server string = sambaserver
> logon script = logon.bat
> unix password sync = yes
> workgroup = PINARC
> os level = 255
> security = user
> preferred master = True
> max log size = 50
> domain logons = Yes
> logon drive = h:
> logon home =\\%N\%U
> logon path = \\%N\profiles\%U
> add user script = /usr/sbin/useradd -d /dev/null -g 400 -s /bin/false -M /%u
> 
> [Profiles]
> comment = Profiles Directory
> path = /SYS/profiles
> read only = no
> create mask = 0600
> directory mask = 0700
> profile acls = yes
> writeable = yes
> 
> [netlogon]
> comment = For Administration Use
> path = /etc/samba/netlogon
> valid users = %U
> write list = @admingrp
> read only = no
> create mask = 0644
> 
> 
> [homes]
> comment = %U home directory
> path = /SYS/home/%U
> valid users = %S
> read only = No
> create mask = 0600
> browseable = No
> directory mask =0700
> locking = no
> 
> [open]
> comment = Pinarc Readable Share
> path = /SYS/world/open
> read only = No
> create mask = 0664
> directory mask = 0775
> valid users = @mars
> 
> 
> The logon script is being executed and the profiles are being written and
> updated.
> 
> How do you fix/delete/change the net groupmap list  output.
> I think this may the root cause of my problems , but I just dont know the
> syntax to fix/delete/change it.
> I have searched google  and the samba manual and they seem to tell you
> everything except how to delete/fix etc.
> 
> I have tried  net delete groupmap ntgroup="Domain Admins" and whilst it
> says it has deleted this group in actually has done nothing.
> 
> Below is the output of net groupmap list and net getlocalsid
> 
> System Operators (S-1-5-32-549) -> -1
> Domain Admins (S-1-5-21-2643210455-489482773-813538922-512) ->admingrp
> Domain Users (S-1-5-21-3314183342-3289294326-2282427927-513) -> mars
> Replicators (S-1-5-32-552) -> -1
> interchange (S-1-5-21-3314183342-3289294326-2282427927-4001) -> inter
> Guests (S-1-5-32-546) -> -1
> lukeman (S-1-5-21-3314183342-3289294326-2282427927-2803) -> madint
> Domain Admins (S-1-5-21-218202318-3803304894-1597324041-512) -> -1
> Domain Users (S-1-5-21-2643210455-489482773-813538922-513) -> -1
> Domain Guests (S-1-5-21-218202318-3803304894-1597324041-514) -> nogroup
> Power Users (S-1-5-32-547) -> -1
> Domain Guests (S-1-5-21-2643210455-489482773-813538922-514) -> -1
> Print Operators (S-1-5-32-550) -> -1
> Administrators (S-1-5-32-544) -> -1
> Domain Guests (S-1-5-21-3314183342-3289294326-2282427927-514) -> -1
> Domain Admins (S-1-5-21-3314183342-3289294326-2282427927-512) -> -1
> AccountOperators (S-1-5-32-548) -> -1
> mad (S-1-5-21-3314183342-3289294326-2282427927-2801) -> mad
> Backup Operators (S-1-5-32-551) -> -1
> Users (S-1-5-32-545) -> -1
> 
> SID for domain SAMBASERVER is: S-1-5-21-3314183342-3289294326-2282427927
> 
> 
> 
> 
> Please help. Very desperate.
> 
> 
> -- 
> System Manager
> RGTechnologies Pty Ltd
> 606 Skipton Street
> Ballarat 3350
> 613 53363603
> 0417 511 731
> andrews at rgt.com.au
> 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba



More information about the samba mailing list