[Samba] "net groupmap" problems

John H Terpstra jht at samba.org
Tue Mar 16 01:45:02 GMT 2004 

On Mon, 15 Mar 2004, Ed Ravin wrote:

> On Mon, Mar 15, 2004 at 08:11:42PM -0500, Ed Ravin wrote:
> > Is there any way to get Samba to match the Unix UIDs to Windows RIDs,
> > or to force the RIDs to be particular values as we can do with
> > "net groupmap" for groups?
>
> Speaking of which, I'm having trouble with that command too (samba-3.0.2a,
> running on Red Hat 6.x Linux with some new bits grafted into it).
>
> I started by deleting group_mapping.tdb and starting the server.
>
>   # net groupmap list | grep Users
>   Power Users (S-1-5-32-547) -> -1
>   Users (S-1-5-32-545) -> -1
>   Domain Users (S-1-5-21-662018651-3907110178-816287836-513) -> -1
>
> Now, I want to map "Domain Users" to my local "users" group and keep
> the same RID:
>
>   [root migration]# net groupmap add rid=513 unixgroup=users type=domain ntgroup='Domain Users'
>   adding entry for group Domain Users failed!

No way! Try the following:

net groupmap modify ntgroup="Domain Users" unixgroup=users

>
> Well, that's a helpful error message.  What's going on here?
>
> I've noticed that I can do this without specifying the RID:
>
>   # net groupmap add  unixgroup=users type=domain ntgroup='Domain Users'
>   No rid or sid specified, choosing algorithmic mapping
>   Successully added group Domain Users to the mapping db
>
> But now, there are TWO entries in the map for "Domain Users":
>
>   # net groupmap list | grep Users
>   Power Users (S-1-5-32-547) -> -1
>   Domain Users (S-1-5-21-662018651-3907110178-816287836-1201) -> users
>   Users (S-1-5-32-545) -> -1
>   Domain Users (S-1-5-21-662018651-3907110178-816287836-513) -> -1
>
> And running rpcclient against localhost reports that "Domain Users"
> is RID 1201, not 513.

net groupmap delete ntgroup="Domain Users"

will get rid of the entry you added.

>
> Other experiments show that there will always be an entry for Domain Users
> with rid 513 pointing to -1, even when I explicitly try to delete it.

Maybe you have could find what you are looking for in the
Samba-HOWTO-Collection.pdf. See:

	http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf

- John T.
-- 
John H Terpstra
Email: jht at samba.org

More information about the samba mailing list