Re: [Samba] unable to map windows to unix groups

Douglas VanLeuven Sat, 09 Aug 2008 13:46:30 -0700

[EMAIL PROTECTED] wrote:

Hello.


After fresh install.

Samba and ldap seems to run normally ( I can join win2k workstation to linux
samba pdc ).

Using yast I create a system group named domadmin

But I am unable to map "Domain Admins" to domadmin
I am unable to map "Domain Admins" to existing ntadmin group

I am unable to mofify mapping "Domain Admins" to domadmin group

Thank you for helping.

LINUX-SRV: # net groupmap add ntgroup="Domain Admins" unixgroup=domadmin
rid=512 type=d
adding entry for group Domain Admins failed!
LINUX-SRV: #

LINUX-SRV: # net groupmap add ntgroup="Domain Admins" unixgroup=ntadmin rid=512
type=d
adding entry for group Domain Admins failed!
LINUX-SRV: #

LINUX-SRV: # net groupmap modify ntgroup="Domain Admins" unixgroup=domadmin
Can't map to an unknown group type.
LINUX-SRV: #

LINUX-SRV:~ # net groupmap modify ntgroup="Domain Admins" unixgroup=domadmintype=d

Could not update group database
LINUX-SRV: #

LINUX-SRV:~ net groupmap list
request done: ld 0x555555c881e0 msgid 1
request done: ld 0x555555c881e0 msgid 2
Domain Admins (S-1-5-21-3134345319-2430187646-2919245149-512) -> Domain Admins
request done: ld 0x555555c881e0 msgid 3
Domain Users (S-1-5-21-3134345319-2430187646-2919245149-513) -> Domain Users
request done: ld 0x555555c881e0 msgid 4
Domain Guests (S-1-5-21-3134345319-2430187646-2919245149-514) -> Domain Guests
request done: ld 0x555555c881e0 msgid 5
Domain Computers (S-1-5-21-3134345319-2430187646-2919245149-515) -> Domain
Computers
request done: ld 0x555555c881e0 msgid 6
Administrators (S-1-5-32-544) -> Administrators
request done: ld 0x555555c881e0 msgid 7
Account Operators (S-1-5-32-548) -> Account Operators
request done: ld 0x555555c881e0 msgid 8
Print Operators (S-1-5-32-550) -> Print Operators
request done: ld 0x555555c881e0 msgid 9
Backup Operators (S-1-5-32-551) -> Backup Operators
request done: ld 0x555555c881e0 msgid 10
Replicators (S-1-5-32-552) -> Replicators
request done: ld 0x555555c881e0 msgid 11
Users (S-1-5-32-545) -> 15000
LINUX-SRV: #

LINUX-SRV: # getent group
at:!:25:
..............
..............
domadmin:x:114:
root:x:0:
...............
..............
users:x:100:
+::0:
request done: ld 0x618d10 msgid 1
Domain Admins:*:512:root,user_admin
Domain Users:*:513:
Domain Guests:*:514:
Domain Computers:*:515:
Administrators:*:544:
Account Operators:*:548:
Print Operators:*:550:
Backup Operators:*:551:
Replicators:*:552:
request done: ld 0x618d10 msgid 2

It looks like you already have an existing unix group called "DomainAdmins" being pulled in from ldap. When that is true, there is no needfor groupmap and indeed it would appear it is illegal to map a windowsgroup that matches an existing unix group to another unix group.


Doug

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] unable to map windows to unix groups

Reply via email to