[Samba] Group SID problems?

jonlists jonlists at cbsol.com
Tue May 17 18:46:04 GMT 2005


samba-bounces+jonlists=cbsol.com at lists.samba.org wrote on 05/17/2005 
01:33:57 PM:

> On Tuesday 17 May 2005 12:11, jonlists wrote:
> > Now that I look at this further, I notice that the "Domain Users", 
"Domain
> > Admins", etc are not assigned..... mapped.
> >
> > Unfortunately, trying to assign them using the net groupmap modify 
results
> > in a complaint the first time that the group "Domain Admins" doesn't 
exist
> > in mapping DB (which it doesn't because it's LDAP, although you can't 
add
> > it due to spaces).
> > net groupmap add "Domain Users" unixgroup=users complains that "group 
1002
> > already exists in LDAP
> >
> > So the key here is how I add "Domain users" to OpenLDAP, then map that
> > group to unixgroup users. ....... correct?
> 
> Correct. How are you handling the interface scripts? What do you 
> have for "add 
> user script" etc.?
> 

Argh.......  there isn't one.....!!!! 

Problem with this site is I'm not sure how many changes I can actually 
make if you know what I mean, or what changes are going to be made that 
affect other things I don't know about (yet). 

Users are being added through Yast......  so, the thing becomes.... i 
change smb.conf long enough to add the base scripts, then change it back 
so they can continue to use Yast. 

Knew I was missing something. 

> - John T.
> 
> >
> > Jon Johnston
> > Creative Business Solutions
> > IBM, Microsoft, Novell/Suse, Sophos Consultants
> > http://www.cbsol.com
> > blog:http://bingo.cbsol.com
> >
> > samba-bounces+jonlists=cbsol.com at lists.samba.org wrote on 05/17/2005
> >
> > 11:32:39 AM:
> > > Have a site where the network users are connecting to most shares
> >
> > through
> >
> > > group usage. Unfortunately, access to Samba is sporadic. Sometimes 
they
> > > connect okay, sometimes they can't connect at all.
> > >
> > > Looking at their system config, I notice that the SID's for the 
groups
> > > look..... odd. The users group ends in 3005.... but each user's
> > > PrimaryGroupSID is a group with a SID that ends in 1201, and there 
is no
> > >
> > > group that I can find with this SID. This site uses a LDAP backend.
> > >
> > > The question is - what specifically should I look for in the logs to
> > > verify that incorrect "mapping" of group SID's would cause the issue
> >
> > with
> >
> > > sporadic connectivity? (there doesn't seem to be any issue of 
network
> > > connectivity).
> > >
> > > Thanks for any insight, ideas.......
> > >
> > > Jon Johnston
> > > Creative Business Solutions
> > > IBM, Microsoft, Novell/Suse, Sophos Consultants
> > > http://www.cbsol.com
> > > blog:http://bingo.cbsol.com
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions:  https://lists.samba.org/mailman/listinfo/samba
> 
> -- 
> John H Terpstra
> Samba-Team Member
> Phone: +1 (650) 580-8668
> 
> Author:
> The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
> Samba-3 by Example, ISBN: 0131472216
> Hardening Linux, ISBN: 0072254971
> Other books in production.
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba


More information about the samba mailing list