[samba] users in multiple groups?

Paul Gienger pgienger at ae-solutions.com
Mon Nov 1 17:24:08 GMT 2004 

> quigon1:~ # getent groups
> Unknown database: groups

Oh yeah, duh... you know, I thought I made a mistake once, but then when 
I reexamined the situation, it turned out that I didn't... AAAANYWAY

the populate script made this for me:
[fgoserv:tmp]# getent group "Domain Admins"
Domain Admins::512:Administrator,pgienger,smoorhou,rklose,speterso

but I see you have a ntadmin and nothing like the "Domain Users" so I 
wonder if you used an old version of the script package.   I would 
suggest getting the newest version of the tool package and re-running 
the populate script.

>
> quigon1:~ # groups ws0dwi
> id: cannot find name for group ID 901
> quigon1:~ # id ws0dwi
> uid=186712(ws0dwi) gid=901 groups=901

This leads me to ask where group 901 is/should be coming from.  Did you 
start making samba groups in LDAP without creating them as posix groups 
first?  The procedure should be to make the group in unix, presumably 
you should do this in ldap with whatever tool you like (gq, 
phpldapadmin, bare metal LDIF file input) and then do a groupmapping 
with a "net groupmap add" command.

>
> yes my groups were created using smbldap-populate.pl, but i cant see 
> it being mapped to any UNIX group, which group should it be mapped to 
> and how is the done?

Again, this should all be taken care of for you.  You should end up with 
this: (among some others perhaps)

[fgoserv:tmp]# /opt/samba/bin/net groupmap list
Domain Admins (S-1-5-21-112718084-1284083569-2990761952-512) -> Domain 
Admins
Domain Users (S-1-5-21-112718084-1284083569-2990761952-513) -> Domain Users
Domain Guests (S-1-5-21-112718084-1284083569-2990761952-514) -> Domain 
Guests
Print Operators (S-1-5-32-550) -> Print Operators
Backup Operators (S-1-5-32-551) -> Backup Operators
Replicators (S-1-5-32-552) -> Replicators
Domain Computers (S-1-5-21-112718084-1284083569-2990761952-515) -> 
Domain Computers
Administrators (S-1-5-32-544) -> Administrators
Power Users (S-1-5-32-547) -> Power Users

-- 
--
Paul Gienger                    Office: 701-281-1884
Applied Engineering Inc.
Systems Architect               Fax:    701-281-1322
URL: www.ae-solutions.com       mailto: pgienger at ae-solutions.com

More information about the samba mailing list