[Samba] Re: NT doesn't like that, you should fix it

Jim C. jcllings at javahop.com
Fri Jul 9 19:22:36 GMT 2004



| This is a simple problem, but it took me a while to find the answer
| also.
|
| man net
|
| and look for GROUPMAP basically you need to map your unix groups to
| samba/windows groups.  I have a poor understanding of it all so you will
| probably want to read up on google, but that should get you started.
|
| Miles
|
|
|
|>Dear all,
|>I have this in my /var/log/messages (pls mind the line wrap):
|>smbd3[3660]: [2004/07/09 15:31:26, 0]
|>rpc_server/srv_util.c:get_domain_user_groups(372)
|>
|>smbd3[3660]:   get_domain_user_groups: primary gid of user [fajar] is not a Domain group !

Using the net command, you need to map the group you intend to use for
unix users to "Domain Users" with an rid of 513.

net groupmap add rid=513 unixgroup=(place unix group here)

(there's also: net groupmap list, net groupmap delete, net groupmap
modify, etc.)

If I were you, I would let smbldap-populate sort out the built-in and
well-known users and groups.  Be warned of the following when using
these however:

I've found that smbldap-populate REQUIRES settings for userSmbHome and
userProfile but the scripts are not flexible enough to properly deal
with these settings anyway.  In the short term, this is just a problem
with the Administrator account as it is the only user added by
smbldap-populate. The rest are all group maps. What I do is set
userSmbHome and userProfile in smbldap_conf.pm to something, run
smbldap-populate, fix the broken userSmbHome and userProfile in the
Administrator's users account record using gq and then comment
userSmbHome and userProfile out in smbldap_conf.pm.  This means that
future users will have blank settings for these and so the default
settings in smb.conf will be used instead. Note that on my setup ALL
users have blank userSmbHome and userProfile settings so that the
defaults will be used.

When you run the script you may get errors because some things have
already been created.  This is fine *if* they were created properly:

| [root at enigma samba]# smbldap-populate
| Using builtin directory structure
| adding new entry: dc=j9starr,dc=net
| failed to add entry: Already exists at /usr/bin/smbldap-populate line 323, <GEN1> line 2.
| adding new entry: ou=People,dc=j9starr,dc=net
| failed to add entry: Already exists at /usr/bin/smbldap-populate line 323, <GEN1> line 3.
...

So it tried to create the base "dc=j9starr,dc=net" and then it tried to
create ou=People,dc=j9starr,dc=net but it failed because I've already
got those set up.

After this, all you have to remember is that users must belong to the
"Domain Users" group and that administrators belong to the "Domain
Admins" group.

If you are not using it, make sure you comment out this line in smb.conf:
    username map = /etc/samba/smbusers

If you are using it, be warned that you don't want to re-map any of the
newly created accounts or groups.  You'll get errors. I think this map
is really just for folks who want to use files for storing users, anyway.


Jim C.
--

-----------------------------------------------------------------
| I can be reached on the following Instant Messenger services: |
|---------------------------------------------------------------|
| MSN: j_c_llings at hotmail.com  AIM: WyteLi0n  ICQ: 123291844 	|
|---------------------------------------------------------------|
| Y!: j_c_llings               Jabber: jcllings at njs.netlab.cz	|
-----------------------------------------------------------------
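A check for the condition in the log message above, as an added example that is not part of the original post: it lists users whose primary Unix group does not appear in the group map. It assumes passwd/group text in `getent` format and group-map lines of the form `NT group (SID) -> unixgroup`; the function name and all sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). All sample data is constructed.
# Assumed input formats: passwd(5)/group(5) lines, and group-map lines shaped
# like "NT Group Name (SID) -> unixgroup".

SAMPLE_PASSWD='fajar:x:1001:100:Fajar:/home/fajar:/bin/bash
miles:x:1002:513:Miles:/home/miles:/bin/bash'

SAMPLE_GROUP='users:x:100:
domusers:x:513:'

SAMPLE_GROUPMAP='Domain Admins (S-1-5-21-1111111111-2222222222-3333333333-512) -> domadmins
Domain Users (S-1-5-21-1111111111-2222222222-3333333333-513) -> domusers'

# unmapped_primary_groups PASSWD_TEXT GROUP_TEXT GROUPMAP_TEXT
# Prints "user:group" for every user whose primary group is absent from the
# right-hand side of the group map (hypothetical helper name).
unmapped_primary_groups() {
    {
        # Tag each input so one awk pass can tell the three sources apart.
        printf '%s\n' "$3" | sed 's/^/M /'
        printf '%s\n' "$2" | sed 's/^/G /'
        printf '%s\n' "$1" | sed 's/^/P /'
    } | awk '
        { tag = substr($0, 1, 1); line = substr($0, 3) }
        line == "" { next }                # ignore empty inputs
        tag == "M" {                       # remember mapped Unix group names
            if (split(line, m, " -> ") == 2) mapped[m[2]] = 1
            next
        }
        tag == "G" {                       # gid -> group name
            split(line, g, ":"); name[g[3]] = g[1]
            next
        }
        tag == "P" {                       # compare each primary gid
            split(line, p, ":")
            grp = (p[4] in name) ? name[p[4]] : "gid=" p[4]
            if (!(grp in mapped)) print p[1] ":" grp
        }'
}

# Run on the constructed sample: fajar is reported, miles is not.
unmapped_primary_groups "$SAMPLE_PASSWD" "$SAMPLE_GROUP" "$SAMPLE_GROUPMAP"
```

On a live server the three arguments would come from `getent passwd`, `getent group` and `net groupmap list`.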


