"Craig White" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > On Thu, 2004-01-29 at 19:33, Jason Gray wrote: > > I have been trying to figure out what this error is: > > > > Jan 29 18:23:07 dc2 smbd[20729]: [2004/01/29 18:23:07, 0] > > rpc_server/srv_util.c:get_domain_user_groups(371) > > Jan 29 18:23:07 dc2 smbd[20729]: get_domain_user_groups: primary gid of > > user [barbara] is not a Domain group ! > > Jan 29 18:23:07 dc2 smbd[20729]: get_domain_user_groups: You should fix > > it, NT doesn't like that > > Jan 29 18:23:08 dc2 smbd[20729]: [2004/01/29 18:23:08, 0] > > rpc_server/srv_util.c:get_alias_user_groups(219) > > Jan 29 18:23:08 dc2 smbd[20729]: get_alias_user_groups: gid of user > > barbara doesn't exist. Check your /etc/passwd and /etc/group files > > > > I thought I fixed the error but it keeps coming back. My only concern is > > that it is slowing network access down. Is this an error I should be > > worried about? I'm using LDAP as my backend so why Samba is checking the > > /etc/passwd and /etc/group files is strange. I have the nsswitch setup to > > check "files ldap winbind". > > > > Is this error due to the fact that Samba checks the files first, can't kind > > the users, then goes onto ldap? > > > > It's kind of annoying cuz I don't know if the error is a problem or not. > --- > most errors should be considered problems > > gid of user barbara doesn't exist - primary gid of user barbara not a > Domain group ! NT doesn't like that > > You are gonna need to fix these things... > sambaPrimaryGroupSID: S-1-5-21-1292501092-333717336-619646970-513 > > substitute your sid for this value - the end -513 stands for the > 'built-in' "Domain Users" group, a very good idea for most users on the > network (obvious exceptions are unprivileged users) > > If you actually understand LDAP and can manipulate the information, a > group would look like this... > dn: cn=Domain Users,ou=Groups,o=Mullen,c=US > objectClass: posixGroup > objectClass: sambaGroupMapping > cn: Domain Users > gidNumber: 1008 > sambaSID: S-1-5-21-1292501092-333717336-619646970-513 > sambaGroupType: 2 > displayName: Domain Users > description: All domain users > creatorsName: cn=root,o=Mullen,c=US > createTimestamp: 20040121055900Z > memberUid: root > memberUid: artstation > memberUid: Administrator > > and so on with many members... > > any posix group can be a sambaDomainGroup - the requisite items are: > objectclass: sambaGroupMapping > cn: > displayName: > gidNumber: > sambaSID: #which can't belong to anything else, best to number the last > extension over 1000 > sambaGroupType: #2 for Domain group - 5 for local group > > if there is no group mapping for a particular sambaSID, then you could > use the net groupmap add command to create these values. > > if there is a group mapping for a particular sambaSID, then you can use > the net groupmap modify command but I have to tell you, I find it > infinitely easier and more direct to change these either directly > through ldif or through phpldapadmin. > > YMMV > > Craig
I see these errors too, but I am still using the smbpasswd back end. What is samba using as the primary group? Is it the unix primary group? If so, should I modify the users' unix accounts to all be in the same primary unix group and then map that group to "Domain Users"? Since it is a redhat system, the users all have primary unix groups that are the same as their usernames, but I could change that. Mark -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
