> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] on behalf of John H Terpstra
> Sent: Thursday 3 May 2007 2.28
> To: [email protected]
> Subject: Re: R: R: [Samba] duplicate group in NET GROUPMAP LIST
>
>
> On Wednesday 02 May 2007 10:21, Gianluca Culot wrote:
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED] on behalf of Gianluca Culot
> > > Sent: Wednesday 2 May 2007 15.09
> > > To: [email protected]
> > > Subject: R: R: [Samba] duplicate group in NET GROUPMAP LIST
> > >
> > > > -----Original Message-----
> > > > From: [EMAIL PROTECTED]
> > > > [mailto:[EMAIL PROTECTED] on behalf of John H Terpstra
> > > > Sent: Wednesday 2 May 2007 14.56
> > > > To: [email protected]
> > > > Subject: Re: R: [Samba] duplicate group in NET GROUPMAP LIST
> > > >
> > > > On Wednesday 02 May 2007 07:40, Gianluca Culot wrote:
> > > > > ...
> > > > >
> > > > > > > the strange fact is the Domain Users appear to have a TWO sids
> > > > > > > Domain Users (S-1-5-21-531635747-2076120898-3807014553-2801)
> > > > > > > Domain Users (S-1-5-21-531635747-2076120898-3807014553-513)
> > > > > > >
> > > > > > > The first appear to be correctly mapped to the local users group
> > > > > > > the latter has no mapping (-1)
> > > > > > >
> > > > > > > that's to me appears really odd....
> > > > > > >
> > > > > > > Can somebody explain me this old fact ?
> > > > > > >
> > > > > > > My actual Samba server (with smtp, pop3, winbind, sshd, apache21)
> > > > > > > works perfectly and every user can authenticate correctly on every
> > > > > > > service with his/her own AD domain user and password
> > > > > > >
> > > > > > > Any Hint?
> > > > > > > PLEASE !?!
> > > > > >
> > > > > > Execute
> > > > > > net groupmap cleanup
> > > > > >
> > > > > > then reset your mappings.
> > > > > >
> > > > > > - John T.
> > > > > > --
> > > > > > To unsubscribe from this list go to the following URL and read the
> > > > > > instructions: https://lists.samba.org/mailman/listinfo/samba
> > > > >
> > > > > Looks like
> > > > > net groupmap cleanup
> > > > > has no effect on my system
> > > > >
> > > > > here is the copy of action from my terminal
> > > > >
> > > > > mail# /home > net groupmap delete ntgroup="domain users"
> > > > > Sucessfully removed domain users from the mapping db
> > > > >
> > > > > mail# /home > net groupmap list
> > > > > System Operators (S-1-5-32-549) -> -1
> > > > > Domain Guests (S-1-5-21-531635747-2076120898-3807014553-514) -> -1
> > > > > Replicators (S-1-5-32-552) -> -1
> > > > > Guests (S-1-5-32-546) -> -1
> > > > > BUILTIN (S-1-5-21-531635747-2076120898-3807014553-2001) -> 500
> > > > > Domain Guests (S-1-5-21-531635747-2076120898-3807014553-132069) -> nobody
> > > > > Power Users (S-1-5-32-547) -> -1
> > > > > Print Operators (S-1-5-32-550) -> -1
> > > > > Administrators (S-1-5-32-544) -> -1
> > > > > Account Operators (S-1-5-32-548) -> -1
> > > > > Domain Users (S-1-5-21-531635747-2076120898-3807014553-3001) -> 1000
> > > > > Domain Admins (S-1-5-21-531635747-2076120898-3807014553-1001) -> wheel
> > > > > Backup Operators (S-1-5-32-551) -> -1
> > > > > Users (S-1-5-32-545) -> -1
> > > > > Domain Users (S-1-5-21-531635747-2076120898-3807014553-513) -> -1
> > > > > Domain Admins (S-1-5-21-531635747-2076120898-3807014553-512) -> -1
> > > > >
> > > > > mail# /home > net groupmap cleanup
> > > > > Group Domain Guests is not mapped
> > > > > Group Domain Users is not mapped
> > > > > Group Domain Admins is not mapped
> > > > >
> > > > > mail# /home > net groupmap add ntgroup="Domain Users" unixgroup="users" type=b
> > > > > No rid or sid specified, choosing algorithmic mapping
> > > > > Successfully added group Domain Users to the mapping db
> > > > >
> > > > > mail# /home > net groupmap list
> > > > > System Operators (S-1-5-32-549) -> -1
> > > > > Domain Guests (S-1-5-21-531635747-2076120898-3807014553-514) -> -1
> > > > > Replicators (S-1-5-32-552) -> -1
> > > > > Domain Users (S-1-5-21-531635747-2076120898-3807014553-2801) -> users
> > > > > Guests (S-1-5-32-546) -> -1
> > > > > BUILTIN (S-1-5-21-531635747-2076120898-3807014553-2001) -> 500
> > > > > Domain Guests (S-1-5-21-531635747-2076120898-3807014553-132069) -> nobody
> > > > > Power Users (S-1-5-32-547) -> -1
> > > > > Print Operators (S-1-5-32-550) -> -1
> > > > > Administrators (S-1-5-32-544) -> -1
> > > > > Account Operators (S-1-5-32-548) -> -1
> > > > > Domain Users (S-1-5-21-531635747-2076120898-3807014553-3001) -> 1000
> > > > > Domain Admins (S-1-5-21-531635747-2076120898-3807014553-1001) -> wheel
> > > > > Backup Operators (S-1-5-32-551) -> -1
> > > > > Users (S-1-5-32-545) -> -1
> > > > > Domain Users (S-1-5-21-531635747-2076120898-3807014553-513) -> -1
> > > > > Domain Admins (S-1-5-21-531635747-2076120898-3807014553-512) -> -1
> > > > > mail# /home >
> > > > >
> > > > > Maybe Domain Users is NOT to be mapped ?
> > > > > is of any use mapping Domain Users and Users ? I would say YES as I
> > > > > want to set permissions based on AD groups
> > > >
> > > > What version of Samba do you have?
> > > >
> > > > For now, stop Samba, remove the group_mapping.tdb file, then remap your
> > > > groups. In the long run suggest you update to the latest release.
> > > >
> > > > - John T.
> > >
> > > Sorry...
> > > I forgot
> > >
> > > I'm running Samba 3.0.14a
> > >
> > > mail# /home > pkg_info | grep samba
> > > samba-3.0.14a_1,1 A free SMB and CIFS client and server for UNIX
> > >
> > > here is the smb.conf
> > > [global]
> > >
> > > workgroup = dmsware
> > > netbios name = mail
> > > #os level = 20 # we will never be master or slave browser as we are on a firewalled net
> > > preferred master = no
> > > server string = mail.dmsware.it Samba Shares
> > >
> > > realm = dmsware.it
> > > security = ADS
> > > password server = orion.dmsware.it
> > >
> > > winbind cache time = 3600
> > > winbind use default domain = Yes
> > > winbind nested groups = Yes
> > > # -antares- winbind enum users = Yes
> > > # -antares- winbind enum groups = Yes
> > >
> > > allow trusted domains = Yes
> > > #idmap domains = DMSWARE
> > > idmap config DMSWARE:backend = rid
> > > idmap config DMSWARE:base_rid = 1000
> > > idmap config DMSWARE:range = 10000 - 49999
> > >
> > > #idmap backend = idmap_rid:DMSWARE=1000-20000
> > >
> > > idmap gid = 10000-49999
> > > idmap uid = 10000-49999
> > > # -antares- winbind uid = 10000-20000
> > > # -antares- winbind gid = 10000-20000
> > >
> > > template homedir = /home/%U
> > > template shell = /bin/sh
> > > # -antares- template primary group = "Domain Users"
> > > syslog only = Yes
> > > # -antares- log file = /var/log/samba/log.%m
> > >
> > > encrypt passwords = yes
> > >
> > > add group script = /usr/sbin/groupadd %g
> > > delete group script = /usr/sbin/pw groupdel %g
> > > add user script = /usr/sbin/pw useradd %u
> > > delete user script = /usr/sbin/pw userdel %u
> > >
> > >
> > > My current configuration is
> > >
> > > FreeBsd 6
> > > Samba 3.0.14a
> > > Dovecot 1.0.0
> > > postfix 2.3.5
> > > cyrus-sasl 2.1.22 with saslAuth
> > > openssl 0.9.7i stable
> > >
> > > currently the system is serving as
> > > authenticated SMTP/pop3
> > > Webmail
> > > File Server (samba is both used for authentication and file sharing) for
> > > file-retrieval
> > > from client ftp uploads
> > >
> > > I'm not against patching... but as everything works fine... and the
> > > system is critical...
> > >
> > > Thanks for your time
> >
> > After some analysis
> >
> > look like Samba is not going to resolve / map groups from SID 512 to 999
> > manual mapping (net groupmap add) causes a sort of duplication
> > I mean
> > Domain Users (S-1-5-21-531635747-2076120898-3807014553-513) -> -1
> > is not mapped
> >
> > but if I issue
> > net groupmap add ntgroup="Domain Users" unixgroup="users" type=d
> >
> > this results in
> >
> > net groupmap list
> > Domain Users (S-1-5-21-531635747-2076120898-3807014553-2801) -> users
> >
> > looks like Samba created another Domain Users group in AD.
> > Yet... no other group is created
> > and trying to resolve the given SID results in error
> >
> > wbinfo -S S-1-5-21-531635747-2076120898-3807014553-2801
> > Could not convert sid S-1-5-21-531635747-2076120898-3807014553-2801 to uid
> >
> > Am I missing something... ???
>
> Yes - you are!
>
> Do NOT add a second NT Group - ever! The "net groupmap modify" was
> introduced in one of the recent releases. Suggest you update if you can.
>
> Delete the group_mapping.tdb again, and this time MODIFY the group that is
> created by 3.0.14 as follows:
>
> net groupmap modify ntgroup="Domain Users" unixgroup="users"
>
> - John T.

I'm running portupgrade...
and looks like now Samba 3.0.24.1 resolve domain groups correctly
no need to run net groupmap modify...

BUT if I list a directory with file owned by Domain Users
I see IDs AND DO NOT SEE names of group and user owner

drwxrwxrwx 3 1500 1513 512 Apr 20 18:14 administrator
drwxrwxrwx 3 2149 1513 512 Apr 4 18:06 user1
drwxrwxrwx 3 2119 1513 512 Apr 4 18:07 user2

with Samba 3.0.14d

drwxrwxrwx 3 root wheel 512 Apr 20 18:14 administrator
drwxrwxrwx 3 user1 Domain Users 512 Apr 4 18:06 user1
drwxrwxrwx 3 user2 Domain Users 512 Apr 4 18:07 user2

Samba is started correctly and I have NO error in any log
Every server authenticates correctly ! ! !

Any Hint ?
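
An added example, not part of the original thread and not Samba code: a small Python audit of `net groupmap list` output that flags an NT group name bound to more than one SID, and a well-known domain RID (512, 513, 514) left unmapped while a same-named entry carries the Unix mapping. The sample input is constructed from the listing quoted in the thread; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: entries copied from the `net groupmap list` output quoted in the thread.
SAMPLE = """\
System Operators (S-1-5-32-549) -> -1
Domain Guests (S-1-5-21-531635747-2076120898-3807014553-514) -> -1
Domain Users (S-1-5-21-531635747-2076120898-3807014553-2801) -> users
Domain Guests (S-1-5-21-531635747-2076120898-3807014553-132069) -> nobody
Domain Users (S-1-5-21-531635747-2076120898-3807014553-3001) -> 1000
Domain Admins (S-1-5-21-531635747-2076120898-3807014553-1001) -> wheel
Users (S-1-5-32-545) -> -1
Domain Users (S-1-5-21-531635747-2076120898-3807014553-513) -> -1
Domain Admins (S-1-5-21-531635747-2076120898-3807014553-512) -> -1
"""

LINE_RE = re.compile(r"^(?P<name>.+?) \((?P<sid>S-1-[\d-]+)\) -> (?P<unix>.+)$")
# Well-known domain RIDs defined by Windows.
WELL_KNOWN_RIDS = {512: "Domain Admins", 513: "Domain Users", 514: "Domain Guests"}

def parse_groupmap(text):
    """Parse `NT name (SID) -> unix group` lines; a target of -1 means unmapped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip prompts, blank lines and anything that is not an entry
        rid = int(m["sid"].rsplit("-", 1)[1])
        unix = None if m["unix"] == "-1" else m["unix"]
        entries.append({"name": m["name"], "sid": m["sid"], "rid": rid, "unix": unix})
    return entries

def audit(entries):
    """Return (kind, group name, RIDs) findings for ambiguous group mappings."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["name"].lower()].append(e)
    findings = []
    for _, group in sorted(by_name.items()):
        if len(group) > 1:  # one NT group name, several SIDs
            findings.append(("duplicate-name", group[0]["name"], sorted(e["rid"] for e in group)))
        for e in group:
            shadowed = any(o["unix"] for o in group if o is not e)
            is_domain_sid = e["sid"].startswith("S-1-5-21-")
            if is_domain_sid and e["rid"] in WELL_KNOWN_RIDS and e["unix"] is None and shadowed:
                findings.append(("well-known-unmapped", e["name"], [e["rid"]]))
    return findings
```

File ownership and share ACLs follow the SID that actually resolves, so each finding is a place where permissions set on the Unix group may not apply to the AD group the administrator intended.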
