[Samba] Group mapping giving incorrect GIDs
Eric Roseme
eroseme at emonster.rose.hp.com
Wed Nov 9 16:14:27 GMT 2005
a.nielsen at research.uq.edu.au wrote:
>Hi,
>
>I think I've narrowed down my problem to the fact that the group mapping is
>not giving me the same GID for all 'equivalent' groups, as seen here:
>
>$ net groupmap list
>DOMAIN\Group1 (S-1-5-21-620321403-24207062-1845911597-172256) -> unixgrp1
>
>$ getent group unixgrp1
>unixgrp1:x:203:
>
>$ getent group DOMAIN\\Group1
>DOMAIN\Group1:x:10001:DOMAIN\User1
>
>This means that the GID of unixgrp1 is 203, however the GID of DOMAIN\Group1
>is completely different! Given the group mapping, I was expecting that both
>groups would be returned with a GID of 203, so that according to the Linux
>box both those groups are the same.
>
>As it stands now, when DOMAIN\User1 connects, it's using a GID of 10001
>which has no access to the filesystem. It should be connecting as GID 203,
>which has the correct filesystem permissions.
>
>Is what I'm trying to do even possible?
>
>Thanks,
>Adam.
>
>
Hi Adam,
Just so you do not feel abandoned - I have gotten the same results when
trying a similar operation. In my case, I was trying to use a mapped
group on "valid users = @mapped". That does not work at all. I also
could not make it work with ACLs. A co-worker did some additional
testing and could get mapped groups to work on ugo permissions, but only
with "security = user", not "security = ads".
If my co-worker and I can characterize the behavior more accurately,
I'll write up what we find for posterity.
Eric Roseme
Hewlett-Packard
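
The comparison Adam ran by hand, written as a script. This is an added example, not part of either message and not Samba code. It parses text in the `net groupmap list` and `getent group` formats quoted above and lists mappings where the NT group and its mapped Unix group resolve to different GIDs. The Group2 sample lines and all function names are constructed for illustration.

```python
import re

# Constructed sample data in the output formats quoted in the thread.
# The Group1 lines are from the post; the Group2 lines are invented for contrast.
GROUPMAP_OUTPUT = r"""
DOMAIN\Group1 (S-1-5-21-620321403-24207062-1845911597-172256) -> unixgrp1
DOMAIN\Group2 (S-1-5-21-620321403-24207062-1845911597-172257) -> unixgrp2
"""
GETENT_OUTPUT = r"""
unixgrp1:x:203:
unixgrp2:x:204:
DOMAIN\Group1:x:10001:DOMAIN\User1
DOMAIN\Group2:x:204:DOMAIN\User2
"""

MAP_LINE = re.compile(r"^(?P<nt>.+?) \((?P<sid>S-[0-9-]+)\) -> (?P<unix>\S+)$")

def parse_groupmap(text):
    """Return (nt_group, unix_group) pairs from `net groupmap list` output."""
    pairs = []
    for line in text.splitlines():
        m = MAP_LINE.match(line.strip())
        if m:
            pairs.append((m.group("nt"), m.group("unix")))
    return pairs

def parse_getent(text):
    """Return {group_name: gid} from `getent group` lines (name:passwd:gid:members)."""
    gids = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            gids[fields[0]] = int(fields[2])
    return gids

def find_mismatches(groupmap_text, getent_text):
    """List mappings whose two names resolve to different GIDs (None = unresolved)."""
    gids = parse_getent(getent_text)
    out = []
    for nt, unix in parse_groupmap(groupmap_text):
        nt_gid, unix_gid = gids.get(nt), gids.get(unix)
        if nt_gid is None or unix_gid is None or nt_gid != unix_gid:
            out.append((nt, unix, nt_gid, unix_gid))
    return out

if __name__ == "__main__":
    for nt, unix, nt_gid, unix_gid in find_mismatches(GROUPMAP_OUTPUT, GETENT_OUTPUT):
        print(f"{nt} -> {unix}: NT group GID {nt_gid}, Unix group GID {unix_gid}")
```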