Well known groups are things like "Domain Administrators" and "Administrators" - they always have the same SID or RID (relative ID.) With an LDAP backend, you may have windbind/idmap automatically allocating unix group id's so this may be hidden from you. In my environment I support linux clients (ssh and nfs) so I still have to manage unix uid's and gid's. it means I also have to create unix groups that represented any windows groups.
On the unix server, as root in a unix session, can you see the owner, group and permissions on the files you are creating from windows? If you run "pdbedit -Lv somesambauser" you should see the name of the unix account for that user. Is there a mismatch? Can you set file permissions via unix so that the windows users can see them? Have you defined any force user, force group or force mask options on the file share? -----Original Message----- From: Murthy [mailto:[email protected]] Sent: Thursday, June 07, 2012 6:49 PM To: [email protected] Subject: Re: [Samba] ldapsam_getgroup Hello: I am not sure what you mean by setup Unix groups and domain mappings for additional windows "well known groups". I tried the following experiment. I changed the permissions on the directory to 777 and mapped it to a share. I am able to see all the directories in that share directory (i.e all sub-directories). However, I cannot see any individual files. Same thing happens if a create new subdirectories. I can see newly created sub-directories but I cannot see any individual files. I have been working on this for about 3 days now. I am really frustrated why things have to to so complicated. Murthy On Jun 7, 2012, at 9:46 AM, Gaiseric Vandal wrote: > You may need to set up unix groups and domain mappings for some > additional windows "well known groups" (google for windows well known > groups.) > > > > > on my server I can see my group mappings: > > # net groupmap list > ..... > Domain Users (S-1-5-21-xxxxx-xxxx-xxxxx-513) -> Domain Users > Administrators (S-1-5-32-544) -> Builtin Admins Domain Controllers > (S-1-5-21-xxxxx-xxxx-xxxxx-516) -> Domain Cont rollers > > .... > Authenticated Users (S-1-5-11) -> Authenticated Users Network > (S-1-5-2) -> Network Everyone (S-1-1-0) -> Everyone .... > > > So > > #net groupmap add ntgroup="Authenticated Users " unixgroup=xxx > rid="S-1-5-11" > > Or you can update in ldap. > > > > On 06/07/12 05:56, Cédric Carlen wrote: >> Hello, hello >> >> I'm writing you this email because when i want to set up a password policy >> with LDAP, this one isn't recognize by samba. >> >> In the log i've got this : >> >> ldapsam_getgroup: Did not find group, filter was >> (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-11)) >> ldapsam_getgroup: Did not find group, filter was >> (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2)) >> ldapsam_getgroup: Did not find group, filter was >> (&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0)) >> >> When i look with LdapAdmin, i don't have SID like this. Why ldap check this >> SID if they don't exist ? >> >> Thanks for you help >> >> Flake >> >> P.S.: I don't past files, because I don't know which one could help >> > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
