Hello everyone! I've been testing the 3.0 beta 3 (I've just upgraded from 2.2.7), and made a PDC configuration with Windows XP Pro clients. Everything works fine, however, I'm fine tuning the NT and Unix group mapping; in particular, I want to map the Unix group 'users' to the NT group 'Power Users'.
I've tried: net groupmap modify ntgroup="Power Users" unixgroup=users with no success. If I do, however net groupmap modify ntgroup="Domain Admins" unixgroup=users users are granted admin privileges I've read the groupmapping chapter of the howto collection (http://us1.samba.org/samba/devel/docs/html/Samba-HOWTO-Collection.html#grou pmapping) and still got no clue (If anyone can point me to a more detailed document by all means do so). Here's my `net groupmap list`: System Operators (S-1-5-32-549) -> -1 Domain Admins (S-1-5-21-1734957725-2317673715-2873464621-512) -> -1 Replicators (S-1-5-32-552) -> -1 Guests (S-1-5-32-546) -> -1 Domain Guests (S-1-5-21-1734957725-2317673715-2873464621-514) -> -1 Power Users (S-1-5-32-547) -> users Print Operators (S-1-5-32-550) -> -1 Administrators (S-1-5-32-544) -> -1 Domain Users (S-1-5-21-1734957725-2317673715-2873464621-513) -> -1 Account Operators (S-1-5-32-548) -> -1 Backup Operators (S-1-5-32-551) -> -1 Users (S-1-5-32-545) -> -1 And my smb.conf: [global] netbios name = Natsumi server string = Linux Server workgroup = BoogerSoft passdb backend = smbpasswd hosts allow = 192.168.0. 127.0.0.1 ;act as domain and master browser os level = 64 preferred master = yes domain master = yes local master = yes security = user encrypt passwords = yes domain logons = yes ;if this causes problems change it to \\%N\profile\%U logon path = \\%N\%U\profile logon drive = H: ;for win9x clients ;logon home = \\%N\%U\profile ;logon script, relative to the [netlogon] share logon script = logon.cmd ;neither of these seem to work with 3.0 ;client code page = 850 ;character set = ISO8859-1 [netlogon] comment = Network Logon Service path = /usr/local/samba/lib/netlogon read only = yes write list = ntadmin [homes] comment = Home Directories browseable = no writable = yes create mask = 0600 directory mask = 0700 And I am getting this in log.smbd when I do the "Power User" thing: [2003/07/30 21:25:53, 1] rpc_server/srv_netlog_nt.c:_net_sam_logon(710) _net_sam_logon: user BOOGERSOFT\boogerman has user sid S-1-5-21-1734957725-2317673715-2873464621-3000 but group sid S-1-5-32-547. The conflicting domain portions are not supported for NETLOGON calls And also this: [2003/07/30 21:33:43, 0] rpc_server/srv_util.c:get_domain_user_groups(362) get_domain_user_groups: primary gid of user [boogerman] is not a Domain group! get_domain_user_groups: You should fix it, NT doesn't like that (I don't fully understand the messages, so any explanations will be appreciated) Well, that's too much, probably I got everything missconfigured (hey, after all, it's my first PDC with 3.0). I hope someone will be able to help me figure this one out... -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
