Hello List,
As I didnt receive any answers on my first request regarding the new groupmap
mechanism since samba version 3.0.23 I try it once again and more detailed.
Situation before upgrade to samba 3.0.28:
We run a solaris 9 server with samba 3.0.21 which serves a share named backup
to which all domain users belonging to a special active directory group can
connect and save their mail db and other data. This runs without any
interaction, just net use x: \\servername\sharename. No users exist in
/etc/passwd , access is handled only by Active Directory groups and the
associated unix group(s). That has been realised via the net groupmap add
command and worked perfectly over the years since samba version 3.0.7a ! .
Due to security riscs in samba we where forced to upgrade to version 3.0.28
(all the same problems since version 3.0.24) I studied the whats changed logs
and samba howto`s and think I ´ve done it right , but I fear I ´ve overlooked
something essential.
Output from net groupmap list:
-----------------------
# net groupmap list
Domain Users (S-1-5-21-1454471165-527237240-682003330-513) -> users
sbs_ors (S-1-5-21-1454471165-527237240-682003330-133792) -> sbs_ors_ux
Domain Guests (S-1-5-21-1454471165-527237240-682003330-514) -> nobody
Administrators (S-1-5-32-544) -> 100000
adv (S-1-5-21-1454471165-527237240-682003330-48325) -> adv
Domain Admins (S-1-5-21-1454471165-527237240-682003330-512) -> ntadmin
Users (S-1-5-32-545) -> 100001
------------------------
output from net groupmap add command:
----------------------------
# net groupmap add sid=S-1-5-21-1454471165-527237240-682003330-133792
ntgroup=sbs_ors unixgroup=sbs_ors_ux type=d
Successfully added group sbs_ors to the mapping db as a domain group
--------------------------------
This is a major group with some nested groups and I ´m a member of one , Since
version 3.0.7a nested groups are supported , but I ´m not able to connect , all
I get is a pop up login window , also net view \\servername fails with access
denied.
Now my question ; does that configuration is still supported at all , or has it
broken due to security riscs ; if not pls tell me how to proceed with new samba
version, what did I overlook
Best Regards Martin Schreiber
Martin Schreiber
Siemens IT Solutions and Services GmbH
Gudrunstrasse 11
A-1101 Wien
Tel: +43(0)51707 47565
Fax: +43(0) 51707 57560
[EMAIL PROTECTED]
http://www.siemens.at/it-solutions
Siemens IT Solutions and Services GmbH, DVR 1009192, FN 180547k, Handelsgericht
Wien, Firmensitz Wien
Wichtiger Hinweis: Diese E-Mail kann Betriebs- oder Geschäftsgeheimnisse oder
sonstige vertrauliche Informationen enthalten. Sollten Sie diese E-Mail
irrtümlich erhalten haben, ist Ihnen eine Kenntnisnahme des Inhalts, eine
Vervielfältigung oder Weitergabe der E-Mail ausdrücklich untersagt. Bitte
benachrichtigen Sie uns und vernichten Sie die empfangene E-Mail. Vielen Dank.
Important Note: This e-mail may contain trade secrets or privileged,
undisclosed or otherwise confidential information. If you have received this
e-mail in error, you are hereby notified that any review, copying or
distribution of it is strictly prohibited. Please inform us immediately and
destroy the original transmittal. Thank you for your cooperation
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
