[Samba] net groupmap add/modify script fails

John H Terpstra jht at Samba.Org
Thu Jun 9 19:07:27 GMT 2005 

On Thursday 09 June 2005 09:38, Jeremy wrote:
> I am following the installation described in Chapter 3 of Samba By Example
> (http://samba.org/samba/docs/man/Samba-Guide/secure.html) and at Step 5 i
> run into the following problem:
>
> I copied the example script to /etc/samba/initGrps.sh and customized the
> group names, then
>
> brandy:/etc/samba# chmod 755 initGrps.sh
> brandy:/etc/samba# ./initGrps.sh
>
> groupadd: group akkaras exists
> groupadd: group aksteinhilber exists
> groupadd: group akstark exists
> Updated mapping entry for Domain Admins
> Updated mapping entry for Domain Users
> Updated mapping entry for Domain Guests
> No rid or sid specified, choosing algorithmic mapping
> adding entry for group AK Karas failed!
> No rid or sid specified, choosing algorithmic mapping
> adding entry for group AK Steinhilber failed!
> No rid or sid specified, choosing algorithmic mapping
> adding entry for group AK Stark failed!


How often have you run the initGrps.sh script?

>
> Then after RTFMing I tried
>
> brandy:/etc/samba# net groupmap list | sort
> Account Operators (S-1-5-32-548) -> -1
> Administrators (S-1-5-32-544) -> -1
> AK Karas (S-1-5-21-1348455924-348699262-4184906134-3003) -> akkaras
> AK Stark (S-1-5-21-1348455924-348699262-4184906134-3007) -> akstark
> AK Steinhilber (S-1-5-21-1348455924-348699262-4184906134-3005) ->
> aksteinhilber Backup Operators (S-1-5-32-551) -> -1
> Domain Admins (S-1-5-21-1348455924-348699262-4184906134-512) -> root
> Domain Admins (S-1-5-21-1972254233-2250998545-1379234658-512) -> -1
> Domain Guests (S-1-5-21-1348455924-348699262-4184906134-514) -> nogroup
> Domain Guests (S-1-5-21-1972254233-2250998545-1379234658-514) -> -1
> Domain Users (S-1-5-21-1348455924-348699262-4184906134-513) -> -1
> Domain Users (S-1-5-21-1972254233-2250998545-1379234658-513) -> users
> Guests (S-1-5-32-546) -> -1
> Power Users (S-1-5-32-547) -> -1
> Print Operators (S-1-5-32-550) -> -1
> Replicators (S-1-5-32-552) -> -1
> System Operators (S-1-5-32-549) -> -1

Your Samba SID has changed for one of the reasons documented in chapter 8 of 
the Samba-3 By Example book (current on-line version). You have multiple 
entries for Domain Users, Domain Groups, Domain Guests. Get rid of them by 
executing:

	net groupmap cleanup

That should leave things in a sane state.

- John T.


>
> So, it appears (atleast to me) that the mapping has worked, but what is
> failing then?
>
> Thanks in advance!!!

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.

More information about the samba mailing list