[Samba] net groupmap add

Schreiber, Martin martin.a.schreiber at siemens.com
Thu Jan 3 15:57:38 GMT 2008 

Hi List,
 
We have a pretty complex samba configuration running version 3.0.21 , this worked for about 2 years , but due to security reasons we need to upgrade to latest version 3.0.28.
I have no local unix users created on our host all access is regulated via the valid user = @AD+group statement . and the net groupmap add command. This worked great , but seems broken in latest versions since 3.0.23
 
I checked the latest howtos , but no success , seems that i overlooked some essentials...
 
Now my smb.conf  (only the relevant lines)
 
----------------
 
         workgroup = WWxxx
        server string = 47556. at emailaddress
        security = DOMAIN
        netbios name = ATWS26QC
        encrypt passwords = Yes
        client schannel = no
        client use spnego = no
        server signing = auto
        config file = /usr/local/samba/lib/smb.conf
        password server = vieg10wa
        passdb expand explicit = no
        password level = 1
        winbind uid = 100000-130000
        winbind gid = 100000-120000
        winbind enum users = yes
        winbind enum groups = yes
        winbind separator = +
        winbind use default domain = yes
        winbind nested groups = yes
#the shares
    [home2]
        path = /home2
        valid users    @sbs_ors_ux @sbs_ors
        read only = no
        browseable = yes

----------------------
 
output from net groupmap list
--------------------------
# bin/net groupmap list
Administrators (S-1-5-32-544) -> 100000
sbs_ors (S-1-5-21-3932861455-2822179577-2594212704-125693) -> sbs_ors_ux  ----> thats the relevant group 
Users (S-1-5-32-545) -> 100001
------------------------
 
 But I cant get it to work , I´m allways asked for a password , but should work seemless , as it does with "old" samba version
 
Hope theres someone who can give me some hints , like a working smb.conf and or a howto to manage the "net groupmap add" command in the proper way
 
 
Best regards    Martin
 
 

 

      Martin Schreiber

      Siemens IT Solutions and Services GmbH

      Gudrunstrasse 11 
      A-1101 Wien 
           Tel: +43(0)51707 47565
      Fax: +43(0) 51707 57560            
         
      martin.a.schreiber at siemens.com 
      http://www.siemens.at/it-solutions

Siemens IT Solutions and Services GmbH, DVR 1009192, FN 180547k, Handelsgericht Wien, Firmensitz Wien

Wichtiger Hinweis: Diese E-Mail kann Betriebs- oder Geschäftsgeheimnisse oder sonstige vertrauliche Informationen enthalten. Sollten Sie diese E-Mail irrtümlich erhalten haben, ist Ihnen eine Kenntnisnahme des Inhalts, eine Vervielfältigung oder Weitergabe der E-Mail ausdrücklich untersagt. Bitte benachrichtigen Sie uns und vernichten Sie die empfangene E-Mail. Vielen Dank.

Important Note: This e-mail may contain trade secrets or privileged, undisclosed or otherwise confidential information. If you have received this e-mail in error, you are hereby notified that any review, copying or distribution of it is strictly prohibited. Please inform us immediately and destroy the original transmittal. Thank you for your cooperation

More information about the samba mailing list