[Samba] trouble with groupmap

John Davis johnd at firstnls.com
Tue Mar 15 18:24:21 GMT 2005


Samba Version 3.0.9-1.3E.2 installed on Vanilla installation of CentOS

Users who log in are unable to install printers via a script like they 
do in all of our other domains. The drivers have been installed properly 
an rpcclient enumdrivers confirms this. When the user logs in, they are 
assigned guest privileges, and I believe that this is what's preventing 
the print install.

A quick tail of the log shows this:
--- begin ---
[2005/03/15 10:12:21, 1] rpc_server/srv_util.c:get_domain_user_groups(298)
   get_domain_user_groups: primary gid of user [johnd] is not a Domain 
group !
   get_domain_user_groups: You should fix it, NT doesn't like that
[2005/03/15 10:12:21, 0] rpc_server/srv_util.c:get_alias_user_groups(206)
   get_alias_user_groups: gid of user johnd doesn't exist. Check your 
/etc/passwd and /etc/group files
[2005/03/15 10:12:21, 1] rpc_server/srv_util.c:get_domain_user_groups(298)
   get_domain_user_groups: primary gid of user [johnd] is not a Domain 
group !
   get_domain_user_groups: You should fix it, NT doesn't like that
[2005/03/15 10:12:21, 0] rpc_server/srv_util.c:get_alias_user_groups(206)
   get_alias_user_groups: gid of user johnd doesn't exist. Check your 
/etc/passwd and /etc/group files
[2005/03/15 10:12:21, 0] rpc_server/srv_util.c:get_alias_user_groups(206)
   get_alias_user_groups: gid of user johnd doesn't exist. Check your 
/etc/passwd and /etc/group files
[2005/03/15 10:12:24, 1] smbd/service.c:close_cnum(836)
--- end ---

I have already added the appropriate groupmaps:
--- begin ---
System Operators (S-1-5-32-549) -> -1
Domain Users (S-1-5-21-3676430718-1223249177-2812214006-513) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Admins (S-1-5-21-3676430718-1223249177-2812214006-2025) -> domadm
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Domain Admins (S-1-5-21-3676430718-1223249177-2812214006-512) -> -1
Administrators (S-1-5-32-544) -> -1
Domain Guests (S-1-5-21-3676430718-1223249177-2812214006-514) -> -1
Account Operators (S-1-5-32-548) -> -1
Domain Users (S-1-5-21-3676430718-1223249177-2812214006-2027) -> domuser
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1
Domain Guests (S-1-5-21-3676430718-1223249177-2812214006-2029) -> domguest
--- end ---

  What I don't understand is why the Domain Admins RID changes when I 
point it to the the unix groups. The UNIX group is set up correctly, and 
the user is a member of domadm and domuser. In the documentation it 
appears to keep the same RID (512, 513, and 514 respectively in this 
case) when mapped to a UNIX group. Mine does not...This is probably why 
the user is being treated as a guest.

Ok, sorry for the long post. How can I fix this problem?
-- 



More information about the samba mailing list