[Samba] Re: Groupmapping doesn't work
Igor Belyi
sambauser at katehok.ac93.org
Wed Oct 13 15:27:11 GMT 2004
Tilo Lutz wrote:
>>>I got a problem with groupmapping. It doesn't work correct:
>>>
>>>Wilma2:/home/root # net groupmap list | grep 512
>>>Domain Admins (S-1-5-21-3371203057-3264423045-2392767973-512) -> domadm
>>>
>>>ldapsearch -x cn=domadm:
>>># domadm, groups, wms-hn.de
>>>dn: cn=domadm,ou=groups,dc=my-domain
>>>objectClass: posixGroup
>>>objectClass: sambaGroupMapping
>>>cn: domadm
>>>gidNumber: 65669
>>>memberUid: tilo
>>>sambaSID: S-1-5-21-3371203057-3264423045-2392767973-512
>>>sambaGroupType: 2
>>>displayName: Domain Admins
>>>description: Domain Admins
>>>
>>>
>>>The problem is "tilo" doesn't have any administrator rights.
>>>
>>>Any idea whats wrong? I use samba 3.0.7
>
>
>>What 'getent group domadm' returns you? I suspect that it does not have
>>tilo as a member. If you have the same posixGroup defined both in
>>/etc/group and in LDAP and what to have definition
>
>
> wormhole:/var/log # getent group | grep domadm
> domadm:x:65669:tilo
>
> It has "tilo" as member. The group is only define in ldap, not in
> /etc/group
Did you also check that SID of this 'Domain Admins' is acctually belong
to your Domain? What 'net getlocalsid' returns you?
Does tilo user belong to 'Domain Admins' when you look at it with
usrmgr.exe under Windows?
Does 'Domain Admins' group is a member of local 'Administrators' group
on Windows?
Igor
More information about the samba
mailing list