[EMAIL PROTECTED] wrote:

Hi,

I think I've narrowed down my problem to the fact that the group mapping is
not giving me the same GID for all 'equivalent' groups, as seen here:

$ net groupmap list
DOMAIN\Group1 (S-1-5-21-620321403-24207062-1845911597-172256) -> unixgrp1

$ getent group unixgrp1
unixgrp1:x:203:

$ getent group DOMAIN\\Group1
DOMAIN\Group1:x:10001:DOMAIN\User1

This means that the GID of unixgrp1 is 203, however the GID of DOMAIN\Group1
is completely different!  Given the group mapping, I was expecting that both
groups would be returned with a GID of 203, so that according to the Linux
box both those groups are the same.

As it stands now, when DOMAIN\User1 connects, it's using a GID of 10001
which has no access to the filesystem.  It should be connecting as GID 203,
which has the correct filesystem permissions.

Is what I'm trying to do even possible?

Thanks,
Adam.

Hi Adam,

Just so you do not feel abandoned - I have gotten the same results when trying a similar operation. In my case, I was trying to use a mapped group on "valid users = @mapped". That does not work at all. I also could not make it work with ACLs. A co-worker did some additional testing and could get mapped groups to work on ugo permissions, but only with "security = user", not "security = ads".

If my co-worker and I can characterize the behavior more accurately, I'll write up what we find for posterity.

Eric Roseme
Hewlett-Packard
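
The check Adam ran by hand can be repeated across every mapping at once. The following is an added example, not part of either message: it parses `net groupmap list` and `getent group` output and reports each mapping whose NT group and Unix group resolve to different GIDs. The function names are hypothetical, and the sample output is copied from Adam's post.

```python
import re

# Sample command output copied from the post above.
GROUPMAP_OUTPUT = r"""
DOMAIN\Group1 (S-1-5-21-620321403-24207062-1845911597-172256) -> unixgrp1
"""
GETENT_OUTPUT = r"""
unixgrp1:x:203:
DOMAIN\Group1:x:10001:DOMAIN\User1
"""

# One `net groupmap list` line: NT group name, SID in parentheses, Unix group.
MAP_LINE = re.compile(r"^(?P<nt>.+?) \((?P<sid>S-[0-9-]+)\) -> (?P<unix>.+)$")


def parse_groupmap(text):
    """Return [(nt_group, sid, unix_group)] from `net groupmap list` output."""
    maps = []
    for line in text.splitlines():
        m = MAP_LINE.match(line.strip())
        if m:
            maps.append((m["nt"], m["sid"], m["unix"].strip()))
    return maps


def parse_getent(text):
    """Return {group_name: gid} from `getent group` lines (name:pw:gid:members)."""
    gids = {}
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) >= 3 and parts[2].isdigit():
            gids[parts[0]] = int(parts[2])
    return gids


def find_gid_mismatches(groupmap_text, getent_text):
    """List mappings whose NT group and Unix group resolve to different GIDs."""
    gids = parse_getent(getent_text)
    problems = []
    for nt, sid, unix in parse_groupmap(groupmap_text):
        nt_gid, unix_gid = gids.get(nt), gids.get(unix)
        # An unresolvable group (None) is reported as well.
        if nt_gid is None or nt_gid != unix_gid:
            problems.append({"nt_group": nt, "sid": sid, "unix_group": unix,
                             "nt_gid": nt_gid, "unix_gid": unix_gid})
    return problems


if __name__ == "__main__":
    for p in find_gid_mismatches(GROUPMAP_OUTPUT, GETENT_OUTPUT):
        print(f"{p['nt_group']} resolves to GID {p['nt_gid']}, "
              f"but is mapped to {p['unix_group']} (GID {p['unix_gid']})")
```

On a live system, pass in the captured output of `net groupmap list` and of `getent group` for each group named in it.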
