[Samba] Group membership
Misty Stanley-Jones
misty at borkholder.com
Tue Oct 12 22:04:38 GMT 2004
I am using Samba PDC with OpenLDAP2 and smbldap-tools. As part of my
logon.bat, I call a script called ifmember.exe. This script can list out the
groups a user is a member of. It is reporting that my root user is a member
of the group 'engr.' I don't know if this is a bug with ifmember.exe or if
it's an issue in Samba or in LDAP. Here is some relevant data:
oink:/etc/smbldap-tools # smbldap-groupshow engr
dn: cn=engr,ou=groups,dc=borkholder,dc=com
cn: engr
gidNumber: 1001
memberUid: pat,chuck,gene,paul,roger,jerry,mike,jose,todd,howard,jb
objectClass: top,posixGroup,sambaGroupMapping
sambaGroupType: 2
sambaSID: S-1-5-21-725326080-1709766072-2910717368-1001
oink:/usr/local/sbin # ./smbldap-usershow root
dn: cn=root,ou=people,dc=borkholder,dc=com
objectClass: account,posixAccount,top,sambaSamAccount
cn: root
uid: root
uidNumber: 0
gidNumber: 0
loginShell: /bin/bash
homeDirectory: /root
displayName: root
sambaPwdCanChange: 1095966471
sambaPwdMustChange: 2147483647
sambaLMPassword: 9B3390AB6FD22782AAD3B435B51404EE
sambaNTPassword: 6F0F56FE06D5EFFDE700A23B9A944678
sambaPasswordHistory:
0000000000000000000000000000000000000000000000000000000000000000
sambaPwdLastSet: 1095966471
sambaAcctFlags: [U ]
userPassword: {SSHA}KeQmB88xtBT1lxXzLsG30CSVHIPD+VE2
sambaSID: S-1-5-21-725326080-1709766072-2910717368-500
sambaPrimaryGroupSID: S-1-5-21-725326080-1709766072-2910717368-512
oink:/usr/local/sbin # net groupmap list
acct_admin (S-1-5-21-725326080-1709766072-2910717368-1006) -> acct_admin
truss (S-1-5-21-725326080-1709766072-2910717368-1005) -> truss
hr (S-1-5-21-725326080-1709766072-2910717368-1004) -> hr
furniture (S-1-5-21-725326080-1709766072-2910717368-1003) -> furniture
dutch (S-1-5-21-725326080-1709766072-2910717368-1002) -> dutch
Domain Admins (S-1-5-21-725326080-1709766072-2910717368-512) -> Domain Admins
Domain Users (S-1-5-21-725326080-1709766072-2910717368-513) -> Domain Users
Domain Guests (S-1-5-21-725326080-1709766072-2910717368-514) -> Domain Guests
Print Operators (S-1-5-32-550) -> Print Operators
Backup Operators (S-1-5-32-551) -> Backup Operators
Replicators (S-1-5-32-552) -> Replicators
Workgroup Computers (S-1-5-21-725326080-1709766072-2910717368-515) ->
Workgroup Computers
Administrators (S-1-5-32-544) -> Administrators
acct (S-1-5-21-725326080-1709766072-2910717368-1007) -> acct
receptionist (S-1-5-21-725326080-1709766072-2910717368-1008) -> receptionist
engr (S-1-5-21-725326080-1709766072-2910717368-1001) -> engr
Is there anywhere else I can look to see why this command thinks I'm a member
of the engr group? I'm using nss_ldap on the server for authentication as
well.
Misty
More information about the samba
mailing list