[Samba] groupmap not working correctly
bgmilne at obsidian.co.za
Fri May 7 08:47:03 GMT 2004
On Thu, 6 May 2004, Stephen Touset wrote:
> Currently, my company is trying to deploy a Samba 3.0 server with an
> LDAP back end, for domain authentication. Everything's going extremely
> well so far except for one facet: net groupmap doesn't seem to play well
> with LDAP. I can make the mappings just fine:
> hank:/var# net groupmap list
> Domain Users (S-1-5-21-616220168-3974143565-3883354751-513) -> users
> Domain Admins (S-1-5-21-616220168-3974143565-3883354751-512) -> wheel
> However, when it comes to actually giving these users the permissions,
> it isn't done. Members of wheel aren't given Administrative privilege on
> Domain Member machines. And I can't seem to figure out if there's a way
> to view the membership of a group through Windows dialogs, so I can
> verify whether or not the correct users are indeed members.
> Has anyone else had a problem similar to this, or can give me pointers
> as to where to proceed from here?
You need to ensure that the unix group memberships are correct on the
domain controller (ie 'groups $user'). Especially since you are re-using
pre-existing unix groups (which can cause confusion on the part of the nss
service if the groups exist both in local files and in LDAP).
I would suggest that you use new unix groups (or be very careful with your
nss set up etc).
More information about the samba