[Samba] Re: GroupMap Issues
gmane at tippingmar.com
Wed Feb 4 01:35:57 GMT 2004
"Craig White" <craigwhite at azapple.com> wrote in message
news:1075437581.399.17.camel at lin-workstation.azapple.com...
> On Thu, 2004-01-29 at 19:33, Jason Gray wrote:
> > I have been trying to figure out what this error is:
> > Jan 29 18:23:07 dc2 smbd: [2004/01/29 18:23:07, 0]
> > rpc_server/srv_util.c:get_domain_user_groups(371)
> > Jan 29 18:23:07 dc2 smbd: get_domain_user_groups: primary gid
> > user [barbara] is not a Domain group !
> > Jan 29 18:23:07 dc2 smbd: get_domain_user_groups: You should
> > it, NT doesn't like that
> > Jan 29 18:23:08 dc2 smbd: [2004/01/29 18:23:08, 0]
> > rpc_server/srv_util.c:get_alias_user_groups(219)
> > Jan 29 18:23:08 dc2 smbd: get_alias_user_groups: gid of user
> > barbara doesn't exist. Check your /etc/passwd and /etc/group files
> > I thought I fixed the error but it keeps coming back. My only concern
> > that it is slowing network access down. Is this an error I should be
> > worried about? I'm using LDAP as my backend so why Samba is checking
> > /etc/passwd and /etc/group files is strange. I have the nsswitch setup
> > check "files ldap winbind".
> > Is this error due to the fact that Samba checks the files first, can't
> > the users, then goes onto ldap?
> > It's kind of annoying cuz I don't know if the error is a problem or not.
> most errors should be considered problems
> gid of user barbara doesn't exist - primary gid of user barbara not a
> Domain group ! NT doesn't like that
> You are gonna need to fix these things...
> sambaPrimaryGroupSID: S-1-5-21-1292501092-333717336-619646970-513
> substitute your sid for this value - the end -513 stands for the
> 'built-in' "Domain Users" group, a very good idea for most users on the
> network (obvious exceptions are unprivileged users)
> If you actually understand LDAP and can manipulate the information, a
> group would look like this...
> dn: cn=Domain Users,ou=Groups,o=Mullen,c=US
> objectClass: posixGroup
> objectClass: sambaGroupMapping
> cn: Domain Users
> gidNumber: 1008
> sambaSID: S-1-5-21-1292501092-333717336-619646970-513
> sambaGroupType: 2
> displayName: Domain Users
> description: All domain users
> creatorsName: cn=root,o=Mullen,c=US
> createTimestamp: 20040121055900Z
> memberUid: root
> memberUid: artstation
> memberUid: Administrator
> and so on with many members...
> any posix group can be a sambaDomainGroup - the requisite items are:
> objectclass: sambaGroupMapping
> sambaSID: #which can't belong to anything else, best to number the last
> extension over 1000
> sambaGroupType: #2 for Domain group - 5 for local group
> if there is no group mapping for a particular sambaSID, then you could
> use the net groupmap add command to create these values.
> if there is a group mapping for a particular sambaSID, then you can use
> the net groupmap modify command but I have to tell you, I find it
> infinitely easier and more direct to change these either directly
> through ldif or through phpldapadmin.
I see these errors too, but I am still using the smbpasswd back end. What
is samba using as the primary group? Is it the unix primary group? If so,
should I modify the users' unix accounts to all be in the same primary unix
group and then map that group to "Domain Users"? Since it is a redhat
system, the users all have primary unix groups that are the same as their
usernames, but I could change that.
More information about the samba