[Samba] nested groups with user mapping doesn't work

Rainer Weber raiweber at mpim-bonn.mpg.de
Fri Feb 2 14:43:14 GMT 2007 

Sorry,
after the user mapping the nt_user_token is

[2007/02/02 15:21:17, 10] auth/auth_util.c:debug_nt_user_token(454)
   NT user token of user S-1-22-1-10002
   contains 6 SIDs
   SID[  0]: S-1-22-1-10002
   SID[  1]: S-1-5-21-781721396-396832292-1671184278-513
   SID[  2]: S-1-1-0
   SID[  3]: S-1-5-2
   SID[  4]: S-1-5-11
   SID[  5]: S-1-5-32-545
   SE_PRIV  0x0 0x0 0x0 0x0

So you can see that the user has no domain groups.

Rainer Weber wrote:
> If I activate user mapping again I can only see the following in the log.
> [2007/02/02 15:21:17, 10] libads/authdata.c:dump_pac_logon_info(723)
>   The PAC:
>         User Flags: 0x20 (32)
>         User Flags: LOGON_EXTRA_SIDS 0x20 (32)
>         User SID: S-1-5-21-781721396-396832292-1671184278-1107
>         Group SID: S-1-5-21-781721396-396832292-1671184278-513
>         Group Membership (Global and Universal Groups of own domain):
>                 0: sid: S-1-5-21-781721396-396832292-1671184278-513
>                    attr: 0x7 == SE_GROUP_MANDATORY 
> SE_GROUP_ENABLED_BY_DEFAULT SE_GROUP_ENABLED
>                 1: sid: S-1-5-21-781721396-396832292-1671184278-1118
>                    attr: 0x7 == SE_GROUP_MANDATORY 
> SE_GROUP_ENABLED_BY_DEFAULT SE_GROUP_ENABLED
>                 2: sid: S-1-5-21-781721396-396832292-1671184278-1108
>                    attr: 0x7 == SE_GROUP_MANDATORY 
> SE_GROUP_ENABLED_BY_DEFAULT SE_GROUP_ENABLED
>                 3: sid: S-1-5-21-781721396-396832292-1671184278-1117
>                    attr: 0x7 == SE_GROUP_MANDATORY 
> SE_GROUP_ENABLED_BY_DEFAULT SE_GROUP_ENABLED
>                 4: sid: S-1-5-21-781721396-396832292-1671184278-1115
>                    attr: 0x7 == SE_GROUP_MANDATORY 
> SE_GROUP_ENABLED_BY_DEFAULT SE_GROUP_ENABLED
>         Group Membership (Domain Local Groups and Groups from Trusted 
> Domains):
>         Group Membership (Ressource Groups (SID History ?)):
> 
> and
> 
> [2007/02/02 15:21:17, 5] auth/auth_util.c:debug_nt_user_token(448)
>   NT user token: (NULL)
> [2007/02/02 15:21:17, 5] auth/auth_util.c:debug_unix_user_token(474)
>   UNIX token of user 0
>   Primary group is 0 and contains 0 supplementary groups
> 
> 
> And I nested groups doesn't work.
> Can some one please tell me where the problem is?
> 

-- 
+--------------------------------------+
| Max Planck Institute for Mathematics |
|        System Administration         |
|                                      |
|  Vivatsgasse 7, 53111 Bonn, Germany  |
|  Tel       +49 (0)228-402-239        |
|  Fax       +49 (0)228-402-277        |
|  Email     raiweber at mpim-bonn.mpg.de |
+--------------------------------------+

More information about the samba mailing list