[Samba] net groupmap add problems since 3.0.23 version

Schreiber, Martin martin.a.schreiber at siemens.com
Mon Jan 7 11:48:23 GMT 2008

Hello List,
As I didnt receive any answers on my first request regarding the new groupmap mechanism since samba version 3.0.23 I try it once again and more detailed.
Situation before upgrade to samba 3.0.28:
We run a solaris 9 server with samba 3.0.21 which serves a share named backup to which all domain users belonging to a special active directory group can connect and save their mail db and other data. This runs without any interaction, just net use x: \\servername\sharename. No users exist in /etc/passwd , access is handled only by Active Directory groups and the associated unix group(s). That has been realised via the net groupmap add command and worked perfectly over the years since samba version 3.0.7a ! .
Due to security riscs in samba we where forced to upgrade to version 3.0.28 (all the same problems since version 3.0.24) I studied the whats changed logs and samba howto`s and think I ´ve done it right , but I fear I ´ve overlooked something essential.
Output from net groupmap list:
 # net groupmap list
Domain Users (S-1-5-21-1454471165-527237240-682003330-513) -> users
sbs_ors (S-1-5-21-1454471165-527237240-682003330-133792) -> sbs_ors_ux
Domain Guests (S-1-5-21-1454471165-527237240-682003330-514) -> nobody
Administrators (S-1-5-32-544) -> 100000
adv (S-1-5-21-1454471165-527237240-682003330-48325) -> adv
Domain Admins (S-1-5-21-1454471165-527237240-682003330-512) -> ntadmin
Users (S-1-5-32-545) -> 100001
output from net groupmap add command:
 # net groupmap add sid=S-1-5-21-1454471165-527237240-682003330-133792 ntgroup=sbs_ors unixgroup=sbs_ors_ux type=d
Successfully added group sbs_ors to the mapping db as a domain group
This is a major group with some nested groups and I ´m a member of one , Since version 3.0.7a nested groups are supported , but I ´m not able to connect , all I get is a pop up login window , also net view \\servername fails with access denied.
Now my question ; does that configuration is still supported at all , or has it broken due to security riscs ; if not pls tell me how to proceed with new samba version, what did I overlook
Best Regards  Martin  Schreiber

      Martin Schreiber

      Siemens IT Solutions and Services GmbH

      Gudrunstrasse 11 
      A-1101 Wien 
           Tel: +43(0)51707 47565
      Fax: +43(0) 51707 57560            
      martin.a.schreiber at siemens.com 

Siemens IT Solutions and Services GmbH, DVR 1009192, FN 180547k, Handelsgericht Wien, Firmensitz Wien

Wichtiger Hinweis: Diese E-Mail kann Betriebs- oder Geschäftsgeheimnisse oder sonstige vertrauliche Informationen enthalten. Sollten Sie diese E-Mail irrtümlich erhalten haben, ist Ihnen eine Kenntnisnahme des Inhalts, eine Vervielfältigung oder Weitergabe der E-Mail ausdrücklich untersagt. Bitte benachrichtigen Sie uns und vernichten Sie die empfangene E-Mail. Vielen Dank.

Important Note: This e-mail may contain trade secrets or privileged, undisclosed or otherwise confidential information. If you have received this e-mail in error, you are hereby notified that any review, copying or distribution of it is strictly prohibited. Please inform us immediately and destroy the original transmittal. Thank you for your cooperation



More information about the samba mailing list