[Samba] Samba 3.0.22 error with domain accounts

Gaiseric Vandal gaiseric.vandal at gmail.com
Mon May 21 17:58:34 GMT 2007

I have compiled Samba 3.0.22 on Solaris 10 (sparc.)   It has been 
configured as a PDC with a domain of, say, "SAMBADOMAIN."     It has 
some predefined group mappings for the Administrators and "Domain 
Admins" group. These mappings were dropped in later versions of Samba.  
(I have been working with 3.0.24 as well.  Unfortunately it doesn't seem 
to play nice with Sun's PC Netlink so I am hoping a older version might.) 

# net  groupmap list
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Users (S-1-5-21-3994835435-1155125117-4257552229-513) -> -1
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
*Administrators (S-1-5-32-544) -> -1***
Domain Admins (S-1-5-21-1184431512-2651584230-490432928-512) -> -1
Domain Guests (S-1-5-21-1184431512-2651584230-490432928-514) -> -1
Account Operators (S-1-5-32-548) -> -1
Domain Users (S-1-5-21-1184431512-2651584230-490432928-513) -> -1
*Domain Admins (S-1-5-21-3994835435-1155125117-4257552229-512) -> -1***
Domain Guests (S-1-5-21-3994835435-1155125117-4257552229-514) -> -1
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1

There is no unix group with GID "-1" so I am not quite sure if I should 
be explicitly changing the group mappings to match real groups.  I do 
have a unix group "administrators" defined, which includes the root and 
administrator account (this was for version 3.0.24.)

I joined this machine to its own domain:

#  net join SAMBADOMAIN -U root

I can list users from, or add users to, local groups


#net rpc  group ADDMEM "Administrators" root
#net rpc  group ADDMEM "Administrators" administrator

but not with domain groups, whether predefined or not:


# bin/net groupmap add ntgroup="Domain Admins" unixgroup=domadm rid=512 
adding entry for group Domain Admins failed!


#net groupmap add ntgroup="Engineering" unixgroup=engr rid=10300 type=d
Successfully added group Engineering to the mapping db

#/net rpc  group members "engineering" :
[2007/05/18 14:42:08, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)
  rpc_api_pipe: Remote machine pipe \samr fnum 0x721ereturned 
critical error. Error was Call returned zero bytes (EOF)
[2007/05/18 14:42:08, 0] libsmb/clientgen.c:cli_rpc_pipe_close(375)
  cli_rpc_pipe_close: cli_close failed on pipe \samr, fnum 0x721e to 
machine  Error was Call returned zero bytes (EOF)

I compiled the software on my linux workstation- but I get the same 
errors when running the net command against the solaris samba server.  
THe solaris server is configured as an LDAP client.

So my questions are:
 1 - What is causing the error (and how do I fix it)?
  2 - Do I need to change the group mappings to match real unix group GID's?


More information about the samba mailing list