Fwd: [Samba] Net groupmap list puzzler

"Daniel Müller" danielmueller9 at gmx.net
Thu Feb 22 20:03:00 GMT 2007

I think at first you have to do a net groupmap add all the well known Groups.

System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Users (S-1-5-21-3732367786-856876144-3282938955-513) -> -1
Domain Admins (S-1-5-21-3732367786-856876144-3282938955-512) -> -1
Power Users (S-1-5-32-547) -> -1
Domain Guests (S-1-5-21-3732367786-856876144-3282938955-514) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Account Operators (S-1-5-32-548) -> -1
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1

This is my example working with suse

groupadd ntadmins
groupadd domusers
net groupmap add ntgroup=“Domain Admins“ unixgroup=ntadmins rid=512 type=domain
net groupmap add ntgroup=“Domain Users“ unixgroup=domusers rid=513 type=domain

This case go through all groups you need mapping the groups with the right rid.
after done this a net groupmap list must be shown this way:

Domain Users (S-1-5-21-3732367786-856876144-3282938955-513) -> domusers
Domain Admins (S-1-5-21-3732367786-856876144-3282938955-512) -> ntadmins
Domain Guests (S-1-5-21-3732367786-856876144-3282938955-514) -> nobody

To grant the rights to the group with the rid 512 "Domain Admins"
you gotta do a rpc right grant for this group and set in the global
of your smb.conf enable privileges=yes


-------- Original-Nachricht --------
Datum: Tue, 20 Feb 2007 13:50:14 -0600
Von: "Craig Jackson" <CJackson at abbott-simses.com>
An: samba at lists.samba.org
Betreff: [Samba] Net groupmap list puzzler

Hi Dudes,

I have a samba Version 3.0.23d that has successfully joined 
our Server 2003 ADS domain.
# wbinfo -u shows the users
# wbinfo -g shows the groups
And I can chown/grp directories to NT users & groups.
However, # net groupmap list only shows
Administrators (S-1-5-32-544) -> BUILTIN\administrators
Users (S-1-5-32-545) -> BUILTIN\users

So if I try to map groups, this is what happens.
# net groupmap modify ntgroup="Domain Admins" unixgroup=domadmins
# NT Group Domain Admins doesn't exist in mapping DB

One other problem. I get permission denied when I try to
Modify ACLs. The ext3 file system is mounted with acl and
nt acl support = yes is in the share section defined. 

Please help with a hint. I have Googled and read the Samba
Chapter 12/13 on the net command to no avail.

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Der GMX SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen! 
Ideal für Modem und ISDN: http://www.gmx.net/de/go/smartsurfer

More information about the samba mailing list