As I said, I did a fresh install of opensuse 10.3, samba, ldap. During the process, I filled the ldap database directly with an ldif file built using smbldap tools.
(one item in that file -->

dn: cn=Domain Admins,ou=Groups,dc=ldap_hathor,dc=nwk
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 512
cn: Domain Admins
memberUid: root
sambaSID: S-1-5-21-3134345319-2430187646-2919245149-512
sambaGroupType: 2
displayName: Domain Admins
description: Netbios Domain Administrators
#sambaPrimaryGroupSID: SID of the user group (512 = Admins group)
#description: Netbios Domain Administrators
)

So you mean by doing this it is not necessary to map the native existing unix group "ntadmin" (gid 71) with "Domain Admins"?
(ntadmin appears in /etc/group and "Domain Admins" does not)

Reading the samba documentation was not very clear for me.

jcdole

Quoting Douglas VanLeuven <[EMAIL PROTECTED]>:

> It looks like you already have an existing unix group called "Domain
> Admins" being pulled in from ldap. When that is true, there is no need
> for groupmap and indeed it would appear it is illegal to map a windows
> group that matches an existing unix group to another unix group.
>
> Doug
>
> [EMAIL PROTECTED] wrote:
> > Hello.
> >
> > After fresh install.
> >
> > Samba and ldap seems to run normally ( I can join win2k workstation to linux
> > samba pdc ).
> >
> > Using yast I create a system group named domadmin
> >
> > But I am unable to map "Domain Admins" to domadmin
> > I am unable to map "Domain Admins" to existing ntadmin group
> >
> > I am unable to modify mapping "Domain Admins" to domadmin group
> >
> > Thank you for helping.
> >
> > LINUX-SRV: # net groupmap add ntgroup="Domain Admins" unixgroup=domadmin rid=512 type=d
> > adding entry for group Domain Admins failed!
> > LINUX-SRV: #
> >
> > LINUX-SRV: # net groupmap add ntgroup="Domain Admins" unixgroup=ntadmin rid=512 type=d
> > adding entry for group Domain Admins failed!
> > LINUX-SRV: #
> >
> > LINUX-SRV: # net groupmap modify ntgroup="Domain Admins" unixgroup=domadmin
> > Can't map to an unknown group type.
> > LINUX-SRV: #
> >
> > LINUX-SRV:~ # net groupmap modify ntgroup="Domain Admins" unixgroup=domadmin type=d
> > Could not update group database
> > LINUX-SRV: #
> >
> > LINUX-SRV:~ net groupmap list
> > request done: ld 0x555555c881e0 msgid 1
> > request done: ld 0x555555c881e0 msgid 2
> > Domain Admins (S-1-5-21-3134345319-2430187646-2919245149-512) -> Domain Admins
> > request done: ld 0x555555c881e0 msgid 3
> > Domain Users (S-1-5-21-3134345319-2430187646-2919245149-513) -> Domain Users
> > request done: ld 0x555555c881e0 msgid 4
> > Domain Guests (S-1-5-21-3134345319-2430187646-2919245149-514) -> Domain Guests
> > request done: ld 0x555555c881e0 msgid 5
> > Domain Computers (S-1-5-21-3134345319-2430187646-2919245149-515) -> Domain Computers
> > request done: ld 0x555555c881e0 msgid 6
> > Administrators (S-1-5-32-544) -> Administrators
> > request done: ld 0x555555c881e0 msgid 7
> > Account Operators (S-1-5-32-548) -> Account Operators
> > request done: ld 0x555555c881e0 msgid 8
> > Print Operators (S-1-5-32-550) -> Print Operators
> > request done: ld 0x555555c881e0 msgid 9
> > Backup Operators (S-1-5-32-551) -> Backup Operators
> > request done: ld 0x555555c881e0 msgid 10
> > Replicators (S-1-5-32-552) -> Replicators
> > request done: ld 0x555555c881e0 msgid 11
> > Users (S-1-5-32-545) -> 15000
> > LINUX-SRV: #
> >
> > LINUX-SRV: # getent group
> > at:!:25:
> > ..............
> > ..............
> > domadmin:x:114:
> > root:x:0:
> > ...............
> > ..............
> > users:x:100:
> > +::0:
> > request done: ld 0x618d10 msgid 1
> > Domain Admins:*:512:root,user_admin
> > Domain Users:*:513:
> > Domain Guests:*:514:
> > Domain Computers:*:515:
> > Administrators:*:544:
> > Account Operators:*:548:
> > Print Operators:*:550:
> > Backup Operators:*:551:
> > Replicators:*:552:
> > request done: ld 0x618d10 msgid 2
>
> It looks like you already have an existing unix group called "Domain
> Admins" being pulled in from ldap. When that is true, there is no need
> for groupmap and indeed it would appear it is illegal to map a windows
> group that matches an existing unix group to another unix group.
>
> Doug
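
An added example, not part of the thread and not Samba's own tooling: a short Python check that cross-references the two outputs quoted above, `net groupmap list` and `getent group`, to show which NT groups already resolve to a same-named Unix group through NSS and who is in it. The sample text is constructed from lines in the thread, and the function names are hypothetical.

```python
import re

# Constructed sample input, modelled on the output quoted in the thread.
GROUPMAP_LIST = """\
request done: ld 0x555555c881e0 msgid 1
Domain Admins (S-1-5-21-3134345319-2430187646-2919245149-512) -> Domain Admins
request done: ld 0x555555c881e0 msgid 3
Domain Users (S-1-5-21-3134345319-2430187646-2919245149-513) -> Domain Users
Users (S-1-5-32-545) -> 15000
"""
GETENT_GROUP = """\
domadmin:x:114:
root:x:0:
+::0:
request done: ld 0x618d10 msgid 1
Domain Admins:*:512:root,user_admin
Domain Users:*:513:
"""

MAP_RE = re.compile(r"^(?P<nt>.+?) \((?P<sid>S-[\d-]+)\) -> (?P<unix>.+)$")

def parse_groupmap(text):
    """Return (nt_name, sid, unix_name) tuples, skipping LDAP debug lines."""
    matches = map(MAP_RE.match, text.splitlines())
    return [m.group("nt", "sid", "unix") for m in matches if m]

def parse_getent(text):
    """Return {group_name: (gid, [members])}, skipping debug and NIS '+' lines."""
    groups = {}
    for line in text.splitlines():
        p = line.split(":")
        if len(p) == 4 and p[0] and not p[0].startswith("+") and p[2].isdigit():
            groups[p[0]] = (int(p[2]), [u for u in p[3].split(",") if u])
    return groups

def audit(groupmap_text, getent_text):
    """Cross-reference each mapping with what NSS actually resolves."""
    groups = parse_getent(getent_text)
    report = []
    for nt, sid, unix in parse_groupmap(groupmap_text):
        gid, members = groups.get(unix, (None, []))
        report.append({"nt": nt, "rid": int(sid.rsplit("-", 1)[1]), "unix": unix,
                       "resolves": gid is not None,          # Unix side known to NSS
                       "same_name": gid is not None and nt == unix,
                       "members": members})
    return report

if __name__ == "__main__":
    for row in audit(GROUPMAP_LIST, GETENT_GROUP):
        print(row)
```

A row with `same_name` set is the case Doug describes; a row where `resolves` is false, like the `Users -> 15000` entry, points at a gid with no group name behind it.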
