[Samba] NT doesn't like that ... primary gid of user [info] is not a Domain group
Alex
linuxro at online.ie
Wed Feb 8 10:11:29 GMT 2006
Hello all,
Sorry for my long post, but it is a very urgent situation (it is required to
configure 3 PDCs in less than 4 hours) and I do not have enough time to read and
experiment, so I am posting my problem here. Please read the entire message (it is a
little bit long).
I already have one PDC using samba-3.0.10-1.4E.2 (on RHEL4) which is working
fine with Windows 9x and XP clients, except for one thing. This message appears in
smbd.log all the time:
[2006/02/07 12:00:17, 1] rpc_server/srv_util.c:get_domain_user_groups(298)
get_domain_user_groups: primary gid of user [info] is not a Domain group !
get_domain_user_groups: You should fix it, NT doesn't like that
OBS: User [info] is coming from an XP station already joined to the domain.
Googling, I found a partial explanation here:
http://www-jerry.oit.duke.edu/linux/docs/samba/mapping_nt_groups_to_unix_groups.html
On this PDC server, SMB users have been created as follows:
useradd info
useradd grig
groupadd -g 1002 winusers
After that I added info and grig to the winusers group:
# cat /etc/group|grep win
winusers:x:1002:info,grig
id info
uid=501(info) gid=501(info) groups=501(info),1002(winusers)
id grig
uid=502(grig) gid=502(grig) groups=502(grig),1002(winusers)
First, I added the unix root account to Samba:
smbpasswd -a root
and after that, regular users:
smbpasswd -a info
smbpasswd -a grig
So now, with this configuration, after each station has been joined to my
domain, I get the above error when user [info] is logged in.
net groupmap list shows the following output:
# net groupmap list
System Operators (S-1-5-32-549) -> -1
Domain Admins (S-1-5-21-3853285721-4159745161-3213124769-512) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Guests (S-1-5-21-3853285721-4159745161-3213124769-514) -> -1
Power Users (S-1-5-32-547) -> -1
Domain Users (S-1-5-21-4124161332-916733439-2715427237-513) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Domain Admins (S-1-5-21-4124161332-916733439-2715427237-512) -> -1
Domain Guests (S-1-5-21-4124161332-916733439-2715427237-514) -> -1
Account Operators (S-1-5-32-548) -> -1
Domain Users (S-1-5-21-3853285721-4159745161-3213124769-513) -> -1
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1
Now, I tried to map the winusers group to the PDC Domain Users group:
net groupmap add ntgroup="Domain Users" unixgroup="winusers"
No rid or sid specified, choosing algorithmic mapping
Successully added group Domain Users to the mapping db
[root@lfs ~]# net groupmap list
System Operators (S-1-5-32-549) -> -1
Domain Admins (S-1-5-21-3853285721-4159745161-3213124769-512) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Guests (S-1-5-21-3853285721-4159745161-3213124769-514) -> -1
Power Users (S-1-5-32-547) -> -1
Domain Users (S-1-5-21-4124161332-916733439-2715427237-513) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Domain Admins (S-1-5-21-4124161332-916733439-2715427237-512) -> -1
Domain Guests (S-1-5-21-4124161332-916733439-2715427237-514) -> -1
Account Operators (S-1-5-32-548) -> -1
Domain Users (S-1-5-21-3853285721-4159745161-3213124769-513) -> -1
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1
Domain Users (S-1-5-21-4124161332-916733439-2715427237-2005) -> winusers
NO LUCK... the message still persists in the logs...
In this case, I configured another computer as a PDC with the following changes:
groupadd -g 1002 winusers
#here each user has been created with default group winusers
useradd -g 1002 info
useradd -g 1002 grig
# cat /etc/group|grep win
winusers:x:1002:
id info
uid=502(info) gid=1002(winusers) groups=1002(winusers)
id grig
uid=502(grig) gid=1002(winusers) groups=1002(winusers)
smbpasswd -a root
smbpasswd -a info
smbpasswd -a grig
NOW, the error message does NOT APPEAR in smbd.log BUT... the findsmb perl script
(started on the PDC) doesn't find any networked station (all are Windows XP
clients), just the Linux PDC.
This symptom does not affect all my Windows stations, which can see and browse
the network and access shares on the PDC.
NOTE: for NetBIOS name resolution I am using another Samba acting as a WINS
server, located remotely in another network.
On the incriminated PDC, I have these lines in smb.conf:
os level = 65
domain master = Yes
local master = Yes
preferred master = Yes
dns proxy = No
name resolve order = bcast wins
wins server = 10.0.0.111
remote announce = 10.0.0.13/NumeWorkGroup
remote browse sync = 10.0.0.13
CAN ANYBODY HELP ME TO FIX THIS UNPLEASANT BEHAVIOR?
WHICH ONE IS THE CORRECT WAY: users with the same group (GID) or users with a
unique group (GID) at creation time?
Thanks in advance.
Alex
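
Added example, not part of the original post and not Samba's own code: an offline check of the condition the log message names, run over `id` and `net groupmap list` lines copied from the outputs quoted above. It assumes that "Domain group" means a groupmap entry with a domain SID (S-1-5-21-...) mapped to a real unix group; the function names are hypothetical.

```python
import re

# Sample inputs copied from the outputs quoted in the post (first PDC, shortened).
GROUPMAP = """\
Domain Users (S-1-5-21-4124161332-916733439-2715427237-513) -> -1
Administrators (S-1-5-32-544) -> -1
Users (S-1-5-32-545) -> -1
Domain Users (S-1-5-21-4124161332-916733439-2715427237-2005) -> winusers
"""
ID_OUTPUT = """\
uid=501(info) gid=501(info) groups=501(info),1002(winusers)
uid=502(grig) gid=502(grig) groups=502(grig),1002(winusers)
"""

MAP_RE = re.compile(r"^(?P<nt>.+?) \((?P<sid>S-[\d-]+)\) -> (?P<unix>\S+)$")
ID_RE = re.compile(r"^uid=\d+\((?P<user>[^)]+)\) gid=\d+\((?P<group>[^)]+)\)")


def mapped_domain_groups(groupmap_text):
    """Return {unix_group: (nt_name, sid)} for domain-SID entries mapped to a unix group."""
    mapped = {}
    for line in groupmap_text.splitlines():
        m = MAP_RE.match(line.strip())
        if not m:
            continue
        # Assumption: S-1-5-21-* is a domain SID, S-1-5-32-* is builtin, -1 is unmapped.
        if m["sid"].startswith("S-1-5-21-") and m["unix"] != "-1":
            mapped[m["unix"]] = (m["nt"], m["sid"])
    return mapped


def users_with_unmapped_primary_group(id_text, groupmap_text):
    """Return [(user, primary_group)] for users whose primary group has no domain mapping."""
    mapped = mapped_domain_groups(groupmap_text)
    flagged = []
    for line in id_text.splitlines():
        m = ID_RE.match(line.strip())
        # Only the primary group (gid=) is checked; supplementary groups are ignored.
        if m and m["group"] not in mapped:
            flagged.append((m["user"], m["group"]))
    return flagged


if __name__ == "__main__":
    for user, group in users_with_unmapped_primary_group(ID_OUTPUT, GROUPMAP):
        print(f"{user}: primary group '{group}' is not mapped to a domain group")
```
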