Hi Cleber,

I joined an old version of SAMBA, Version 3.0.20b (1 year ago), and there was no need to create/recreate mappings. Unfortunately the winbind_idmap.tdb for that machine is for another Domain Controller and I cannot populate the TPDCBR.
Take a look at the old samba machine idmap:

[EMAIL PROTECTED] / # /opt/freeware/samba/bin/net groupmap list
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Domain Admins (S-1-5-21-2871169248-3070897773-91520546-512) -> -1
Guests (S-1-5-32-546) -> -1
Domain Users (S-1-5-21-2871169248-3070897773-91520546-513) -> -1
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Domain Guests (S-1-5-21-2871169248-3070897773-91520546-514) -> -1
Account Operators (S-1-5-32-548) -> -1
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1

To create manually the groupmapping is not helpful because from time to time new groups are created on AD.
Another way to map group/users exists?

Thanx,
FlorinT

----- Original Message ----
From: Cleber P. de Souza <[EMAIL PROTECTED]>
To: Tiucra-Popa Florin Catalin <[EMAIL PROTECTED]>
Cc: sambalist <[email protected]>
Sent: Monday, April 30, 2007 5:49:13 AM
Subject: Re: [Samba] Option valid user not expanded for groups

You do need to create the ldap group for samba using the built-in SIDs for these internal groups or creating a new one for others and set the group mappings.

On 4/29/07, Tiucra-Popa Florin Catalin <[EMAIL PROTECTED]> wrote:
> Hi again,
>
> Command net groupmap shows:
>
> [EMAIL PROTECTED] /samba/var/log #/samba/bin/net groupmap list
> Administrators (S-1-5-32-544) -> BUILTIN+administrators
> Users (S-1-5-32-545) -> BUILTIN+users
>
> The browsing is working ok for users, but is not working for groups.
>
> FlorinT
>
> ----- Original Message ----
> From: Cleber P. de Souza <[EMAIL PROTECTED]>
> To: Tiucra-Popa Florin Catalin <[EMAIL PROTECTED]>
> Cc: sambalist <[email protected]>
> Sent: Saturday, April 28, 2007 6:15:55 PM
> Subject: Re: [Samba] Option valid user not expanded for groups
>
>
> Is your 'net groupmap' set properly for this domain?
>
> On 4/27/07, Tiucra-Popa Florin Catalin <[EMAIL PROTECTED]> wrote:
> > Hi,
> >
> > I have an AIX 5.3 machine with Samba 3.0.24c joined into one Windows 2003
> > ADS server OK.
> > I can request basic information, user lookup, domain lookup (wbinfo, id, net
> > groupmap).
> >
> > When I want to access the share \\node05\brom from one Windows station I
> > receive a popup window password.
> >
> > In the log of the samba for that machine I found:
> >
> > [2007/04/27 10:48:27, 2] auth/auth.c:check_ntlm_password(319)
> >   check_ntlm_password: Authentication for user [] -> [] FAILED with error NT_STATUS_NO_SUCH_USER
> > [2007/04/27 10:48:28, 2] auth/auth.c:check_ntlm_password(319)
> >   check_ntlm_password: Authentication for user [] -> [] FAILED with error NT_STATUS_NO_SUCH_USER
> > [2007/04/27 10:48:29, 2] smbd/sesssetup.c:setup_new_vc_session(799)
> >   setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
> > [2007/04/27 10:48:29, 2] smbd/sesssetup.c:setup_new_vc_session(799)
> >   setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
> > [2007/04/27 10:48:29, 2] auth/auth.c:check_ntlm_password(309)
> >   check_ntlm_password: authentication for user [node05] -> [node05] -> [TPDCBR+node05] succeeded
> > [2007/04/27 10:48:29, 2] smbd/service.c:make_connection_snum(580)
> >   user 'TPDCBR+node05' (from session setup) not permitted to access this share (brom)
> > [2007/04/27 10:48:53, 2] auth/auth.c:check_ntlm_password(319)
> >   check_ntlm_password: Authentication for user [] -> [] FAILED with error NT_STATUS_NO_SUCH_USER
> > [2007/04/27 10:48:53, 2] smbd/sesssetup.c:setup_new_vc_session(799)
> >   setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
> > [2007/04/27 10:48:53, 2] smbd/sesssetup.c:setup_new_vc_session(799)
> >   setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
> > [2007/04/27 10:48:53, 2] auth/auth.c:check_ntlm_password(309)
> >   check_ntlm_password: authentication for user [node05] -> [node05] -> [TPDCBR+node05] succeeded
> > [2007/04/27 10:48:53, 2] smbd/service.c:make_connection_snum(580)
> >   user 'TPDCBR+node05' (from session setup) not permitted to access this share (brom)
> >
> > My smb.conf looks like:
> >
> > [global]
> > unix charset = LOCALE
> > workgroup = TPDCBR
> > realm = TPDCBR.ROM
> > netbios name = NODE05
> > dns proxy = No
> > server string = NODE05 AIX
> > security = ads
> > password server = 10.99.0.4
> > encrypt passwords = yes
> > name resolve order = host
> > log level = 10
> > syslog = 0
> > username map = /samba/private/smbusers
> > log file = /samba/var/log/%m
> > max log size = 5000
> > ldap ssl = no
> > winbind uid = 10000-59999
> > winbind gid = 10000-59999
> > idmap uid = 10000-60000
> > idmap gid = 10000-60000
> > template shell = /bin/ksh
> > winbind use default domain = Yes
> > winbind enum users = Yes
> > winbind enum groups = Yes
> > winbind nested groups = Yes
> > winbind separator = +
> > auth methods = winbind
> > acl compatibility = win2k
> > winbind cache time = 10
> > bind interfaces only = yes
> > client use spnego = no
> > socket address = 10.99.0.201
> > allow trusted domains = no
> > #use kerberos keytab = yes
> > socket options = TCP_NODELAY
> > #map acl inherit = Yes
> > [brom]
> > comment = inhouse brom
> > path = /u09/inhouse/brom
> > read only = No
> > browseable = yes
> > #valid users =@"Computers", @"domain users"
> > valid users = @"domain users"
> > create mask = 0777
> > directory mask = 0777
> > force create mode = 0777
> > force directory mode = 0777
> >
> >
> > I also made a test with only one user valid like this:
> > valid users = TPDCBR.ROM+node05
> > and this is working ok.
> >
> > Thank you.
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/listinfo/samba
>
> --
> ***
> Cleber P. de Souza

--
***
Cleber P. de Souza
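
Added example, not part of the original thread or of Samba: a small triage script for the smbd log layout quoted above. It separates authentication failures from the case the thread is about, where a user authenticates successfully and is then refused at the share by `valid users`. The sample log is constructed from the entries in the message; the function names and result keys are assumptions made for this sketch.

```python
import re
from collections import defaultdict

# Constructed sample in the smbd log layout quoted in the thread:
# a "[date time, level] file:function(line)" header, then the message lines.
SAMPLE_LOG = """\
[2007/04/27 10:48:53, 2] auth/auth.c:check_ntlm_password(319)
  check_ntlm_password: Authentication for user [] -> [] FAILED with error NT_STATUS_NO_SUCH_USER
[2007/04/27 10:48:53, 2] auth/auth.c:check_ntlm_password(309)
  check_ntlm_password: authentication for user [node05] -> [node05] -> [TPDCBR+node05] succeeded
[2007/04/27 10:48:53, 2] smbd/service.c:make_connection_snum(580)
  user 'TPDCBR+node05' (from session setup) not permitted to access this share (brom)
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), *\d+\] (\S+)\((\d+)\)$")
AUTH_FAIL = re.compile(r"Authentication for user \[(.*?)\] -> \[.*?\] FAILED with error (\S+)")
AUTH_OK = re.compile(r"authentication for user \[.*?\] -> \[.*?\] -> \[(.+?)\] succeeded")
DENIED = re.compile(r"user '(.+?)' \(from session setup\) not permitted to access this share \((.+?)\)")

def records(text):
    """Yield (timestamp, message) pairs, joining the message lines of each record."""
    stamp, parts = None, []
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            if stamp is not None:
                yield stamp, " ".join(parts)
            stamp, parts = m.group(1), []
        elif stamp is not None and line.strip():
            parts.append(line.strip())
    if stamp is not None:
        yield stamp, " ".join(parts)

def triage(text):
    """Split events into authentication failures and share-level denials."""
    authed, out = set(), defaultdict(list)
    for stamp, msg in records(text):
        if (m := AUTH_FAIL.search(msg)):
            out["auth_failed"].append((stamp, m.group(1), m.group(2)))
        elif (m := AUTH_OK.search(msg)):
            authed.add(m.group(1))  # mapped name, e.g. DOMAIN+user
        elif (m := DENIED.search(msg)):
            # Denied after a successful logon points at share ACLs, not credentials.
            kind = "authenticated_but_denied" if m.group(1) in authed else "denied_no_auth_seen"
            out[kind].append((stamp, m.group(1), m.group(2)))
    return dict(out)

if __name__ == "__main__":
    for kind, events in triage(SAMPLE_LOG).items():
        print(kind, events)
```

An entry under `authenticated_but_denied` means the credentials were accepted and the refusal came from the share definition, which is where group expansion in `valid users` is evaluated.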
