[Samba] trouble with groupmap
John Davis
johnd at firstnls.com
Tue Mar 15 18:24:21 GMT 2005
Samba Version 3.0.9-1.3E.2 installed on Vanilla installation of CentOS.

Users who log in are unable to install printers via a script like they
do in all of our other domains. The drivers have been installed properly,
and an rpcclient enumdrivers confirms this. When the user logs in, they are
assigned guest privileges, and I believe that this is what's preventing
the print install.

A quick tail of the log shows this:
--- begin ---
[2005/03/15 10:12:21, 1] rpc_server/srv_util.c:get_domain_user_groups(298)
get_domain_user_groups: primary gid of user [johnd] is not a Domain
group !
get_domain_user_groups: You should fix it, NT doesn't like that
[2005/03/15 10:12:21, 0] rpc_server/srv_util.c:get_alias_user_groups(206)
get_alias_user_groups: gid of user johnd doesn't exist. Check your
/etc/passwd and /etc/group files
[2005/03/15 10:12:21, 1] rpc_server/srv_util.c:get_domain_user_groups(298)
get_domain_user_groups: primary gid of user [johnd] is not a Domain
group !
get_domain_user_groups: You should fix it, NT doesn't like that
[2005/03/15 10:12:21, 0] rpc_server/srv_util.c:get_alias_user_groups(206)
get_alias_user_groups: gid of user johnd doesn't exist. Check your
/etc/passwd and /etc/group files
[2005/03/15 10:12:21, 0] rpc_server/srv_util.c:get_alias_user_groups(206)
get_alias_user_groups: gid of user johnd doesn't exist. Check your
/etc/passwd and /etc/group files
[2005/03/15 10:12:24, 1] smbd/service.c:close_cnum(836)
--- end ---
I have already added the appropriate groupmaps:
--- begin ---
System Operators (S-1-5-32-549) -> -1
Domain Users (S-1-5-21-3676430718-1223249177-2812214006-513) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Admins (S-1-5-21-3676430718-1223249177-2812214006-2025) -> domadm
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Domain Admins (S-1-5-21-3676430718-1223249177-2812214006-512) -> -1
Administrators (S-1-5-32-544) -> -1
Domain Guests (S-1-5-21-3676430718-1223249177-2812214006-514) -> -1
Account Operators (S-1-5-32-548) -> -1
Domain Users (S-1-5-21-3676430718-1223249177-2812214006-2027) -> domuser
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1
Domain Guests (S-1-5-21-3676430718-1223249177-2812214006-2029) -> domguest
--- end ---
What I don't understand is why the Domain Admins RID changes when I
point it to the unix groups. The UNIX group is set up correctly, and
the user is a member of domadm and domuser. In the documentation it
appears to keep the same RID (512, 513, and 514 respectively in this
case) when mapped to a UNIX group. Mine does not... This is probably why
the user is being treated as a guest.

Ok, sorry for the long post. How can I fix this problem?
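
An added example, not part of the original post: a small parser for a groupmap listing in the format shown above that flags the pattern the post describes, where the entries with RIDs 512, 513 and 514 point to -1 while a second entry with the same name and a different RID holds the Unix group. The sample lines are copied from the listing in the post; the function names are hypothetical, and reading -1 as "no Unix group" is an assumption.

```python
import re
from collections import defaultdict

# RIDs the post names for Domain Admins, Domain Users and Domain Guests.
WELL_KNOWN_RIDS = {512, 513, 514}

# One listing line: NT name (SID) -> unix group
LINE_RE = re.compile(r"^(?P<name>.+?) \((?P<sid>S-1(?:-\d+)+)\) -> (?P<unix>\S+)$")

# Sample input: lines copied from the groupmap listing in the post.
SAMPLE = """\
Domain Users (S-1-5-21-3676430718-1223249177-2812214006-513) -> -1
Domain Admins (S-1-5-21-3676430718-1223249177-2812214006-2025) -> domadm
Domain Admins (S-1-5-21-3676430718-1223249177-2812214006-512) -> -1
Administrators (S-1-5-32-544) -> -1
Domain Guests (S-1-5-21-3676430718-1223249177-2812214006-514) -> -1
Domain Users (S-1-5-21-3676430718-1223249177-2812214006-2027) -> domuser
Domain Guests (S-1-5-21-3676430718-1223249177-2812214006-2029) -> domguest
"""

def parse_groupmap(text):
    """Return a list of (nt_name, sid, rid, unix_group or None)."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank lines and anything that is not a mapping
        sid = m["sid"]
        unix = None if m["unix"] == "-1" else m["unix"]  # assumption: -1 = unmapped
        entries.append((m["name"], sid, int(sid.rsplit("-", 1)[1]), unix))
    return entries

def shadowed_well_known(entries):
    """Well-known domain RIDs left unmapped while a same-named entry
    with a different RID carries the Unix group."""
    by_name = defaultdict(list)
    for name, _sid, rid, unix in entries:
        by_name[name].append((rid, unix))
    findings = []
    for name, sid, rid, unix in entries:
        if rid in WELL_KNOWN_RIDS and sid.startswith("S-1-5-21-") and unix is None:
            for other_rid, other_unix in by_name[name]:
                if other_rid != rid and other_unix:
                    findings.append((name, rid, other_rid, other_unix))
    return findings

if __name__ == "__main__":
    for name, rid, other_rid, unix in shadowed_well_known(parse_groupmap(SAMPLE)):
        print(f"{name}: RID {rid} is unmapped; RID {other_rid} maps to {unix}")
```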