On Thu, 2004-01-29 at 19:33, Jason Gray wrote: > I have been trying to figure out what this error is: > > Jan 29 18:23:07 dc2 smbd[20729]: [2004/01/29 18:23:07, 0] > rpc_server/srv_util.c:get_domain_user_groups(371) > Jan 29 18:23:07 dc2 smbd[20729]: get_domain_user_groups: primary gid of > user [barbara] is not a Domain group ! > Jan 29 18:23:07 dc2 smbd[20729]: get_domain_user_groups: You should fix > it, NT doesn't like that > Jan 29 18:23:08 dc2 smbd[20729]: [2004/01/29 18:23:08, 0] > rpc_server/srv_util.c:get_alias_user_groups(219) > Jan 29 18:23:08 dc2 smbd[20729]: get_alias_user_groups: gid of user > barbara doesn't exist. Check your /etc/passwd and /etc/group files > > I thought I fixed the error but it keeps coming back. My only concern is > that it is slowing network access down. Is this an error I should be > worried about? I'm using LDAP as my backend so why Samba is checking the > /etc/passwd and /etc/group files is strange. I have the nsswitch setup to > check "files ldap winbind". > > Is this error due to the fact that Samba checks the files first, can't kind > the users, then goes onto ldap? > > It's kind of annoying cuz I don't know if the error is a problem or not. --- most errors should be considered problems
gid of user barbara doesn't exist - primary gid of user barbara not a Domain group ! NT doesn't like that You are gonna need to fix these things... sambaPrimaryGroupSID: S-1-5-21-1292501092-333717336-619646970-513 substitute your sid for this value - the end -513 stands for the 'built-in' "Domain Users" group, a very good idea for most users on the network (obvious exceptions are unprivileged users) If you actually understand LDAP and can manipulate the information, a group would look like this... dn: cn=Domain Users,ou=Groups,o=Mullen,c=US objectClass: posixGroup objectClass: sambaGroupMapping cn: Domain Users gidNumber: 1008 sambaSID: S-1-5-21-1292501092-333717336-619646970-513 sambaGroupType: 2 displayName: Domain Users description: All domain users creatorsName: cn=root,o=Mullen,c=US createTimestamp: 20040121055900Z memberUid: root memberUid: artstation memberUid: Administrator and so on with many members... any posix group can be a sambaDomainGroup - the requisite items are: objectclass: sambaGroupMapping cn: displayName: gidNumber: sambaSID: #which can't belong to anything else, best to number the last extension over 1000 sambaGroupType: #2 for Domain group - 5 for local group if there is no group mapping for a particular sambaSID, then you could use the net groupmap add command to create these values. if there is a group mapping for a particular sambaSID, then you can use the net groupmap modify command but I have to tell you, I find it infinitely easier and more direct to change these either directly through ldif or through phpldapadmin. YMMV Craig -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
