Re: [Samba] Group Problems
Do you have to have use ldap in order to use samba groups? If I try to add groups I also get the same error. and I don't know if this is relevent or not but when I try to join win groups and Unix groups via this command net groupmap add ntgroup=Domain Admins unixgroup=domadm I get this message. No rid or sid specified, choosing algorithmic mapping Successully added group Domain Admins to the mapping db and the group domadm is there. If I try to use any of the user that are in the domadm group, they don't have any admin rights. I don't think groupmaps are working at all. Could someone point me in the right direction? I am running CentOS with samba 3.0.9. Here is a the output from a net groupmap list -- - System Operators (S-1-5-32-549) - -1 Domain Admins (S-1-5-21-4008386108-3466510086-266964780-512) - -1 Domain Guests (S-1-5-21-4008386108-3466510086-266964780-514) - -1 Replicators (S-1-5-32-552) - -1 Guests (S-1-5-32-546) - -1 Domain Admins (S-1-5-21-4008386108-3466510086-266964780-2053) - domadm Power Users (S-1-5-32-547) - -1 Print Operators (S-1-5-32-550) - -1 Administrators (S-1-5-32-544) - -1 Account Operators (S-1-5-32-548) - -1 Backup Operators (S-1-5-32-551) - -1 Users (S-1-5-32-545) - -1 Domain Users (S-1-5-21-4008386108-3466510086-266964780-513) - -1 -- If any more info is need just ask, I will provide no prob. Thanks all -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Group Problems
Ok let me ask this: Why after I create a group map of Domain Admins to my unixgroup domadm do I now have two entries listed for Domain Admins? one to -1 the other to my domadm unix group - System Operators (S-1-5-32-549) - -1 Domain Admins (S-1-5-21-4008386108-3466510086-266964780-512) - -1 Domain Guests (S-1-5-21-4008386108-3466510086-266964780-514) - -1 Replicators (S-1-5-32-552) - -1 Guests (S-1-5-32-546) - -1 Domain Admins (S-1-5-21-4008386108-3466510086-266964780-2091) - domadm Power Users (S-1-5-32-547) - -1 Print Operators (S-1-5-32-550) - -1 Administrators (S-1-5-32-544) - -1 Account Operators (S-1-5-32-548) - -1 Backup Operators (S-1-5-32-551) - -1 Users (S-1-5-32-545) - -1 Domain Users (S-1-5-21-4008386108-3466510086-266964780-513) - -1 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Group Problems
Hi, For specify Domain Admins grou mapping, you must use net groupmap with rid parameter : proto : net groupmap add {rid=int|sid=string} unixgroup=string [type={domain|local}] [ntgroup=string] [comment=string] ex : net groupmap add rid=512 unixgroup=domadm ntgroup=Domain Admins --- Stéphane PURNELLE [EMAIL PROTECTED] Service Informatique Corman S.A. Tel : 00 32 087/342467 [EMAIL PROTECTED] a écrit sur 07/06/2005 15:30:40 : Ok let me ask this: Why after I create a group map of Domain Admins to my unixgroup domadm do I now have two entries listed for Domain Admins? one to -1 the other to my domadm unix group - System Operators (S-1-5-32-549) - -1 Domain Admins (S-1-5-21-4008386108-3466510086-266964780-512) - -1 Domain Guests (S-1-5-21-4008386108-3466510086-266964780-514) - -1 Replicators (S-1-5-32-552) - -1 Guests (S-1-5-32-546) - -1 Domain Admins (S-1-5-21-4008386108-3466510086-266964780-2091) - domadm Power Users (S-1-5-32-547) - -1 Print Operators (S-1-5-32-550) - -1 Administrators (S-1-5-32-544) - -1 Account Operators (S-1-5-32-548) - -1 Backup Operators (S-1-5-32-551) - -1 Users (S-1-5-32-545) - -1 Domain Users (S-1-5-21-4008386108-3466510086-266964780-513) - -1 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Group Problems
When I try this it fails: [EMAIL PROTECTED] root]# net groupmap add rid=512 unixgroup=domadm ntgroup=Domain Admins adding entry for group Domain Admins failed! [EMAIL PROTECTED] root]# I understand why my domain admin user dont have admin rights, because they need to have an rid of 512, but I cant create that. Maybe its a but in my distro? On 6/7/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hi, For specify Domain Admins grou mapping, you must use net groupmap with rid parameter : proto : net groupmap add {rid=int|sid=string} unixgroup=string [type={domain|local}] [ntgroup=string] [comment=string] ex : net groupmap add rid=512 unixgroup=domadm ntgroup=Domain Admins --- Stéphane PURNELLE [EMAIL PROTECTED] Service Informatique Corman S.A. Tel : 00 32 087/342467 [EMAIL PROTECTED] a écrit sur 07/06/2005 15:30:40 : Ok let me ask this: Why after I create a group map of Domain Admins to my unixgroup domadm do I now have two entries listed for Domain Admins? one to -1 the other to my domadm unix group - System Operators (S-1-5-32-549) - -1 Domain Admins (S-1-5-21-4008386108-3466510086-266964780-512) - -1 Domain Guests (S-1-5-21-4008386108-3466510086-266964780-514) - -1 Replicators (S-1-5-32-552) - -1 Guests (S-1-5-32-546) - -1 Domain Admins (S-1-5-21-4008386108-3466510086-266964780-2091) - domadm Power Users (S-1-5-32-547) - -1 Print Operators (S-1-5-32-550) - -1 Administrators (S-1-5-32-544) - -1 Account Operators (S-1-5-32-548) - -1 Backup Operators (S-1-5-32-551) - -1 Users (S-1-5-32-545) - -1 Domain Users (S-1-5-21-4008386108-3466510086-266964780-513) - -1 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Group Problems
That did the job, thank very much :) Dom On 6/7/05, John H Terpstra [EMAIL PROTECTED] wrote: On Tuesday 07 June 2005 07:51, Dominic Iadicicco wrote: When I try this it fails: [EMAIL PROTECTED] root]# net groupmap add rid=512 unixgroup=domadm ntgroup=Domain Admins adding entry for group Domain Admins failed! [EMAIL PROTECTED] root]# I understand why my domain admin user dont have admin rights, because they need to have an rid of 512, but I cant create that. Maybe its a but in my distro? No. Samba auto-creates mappings for the Domain Users, Domain Guests, and Domain Admins groups. You can only modify them. net groupmap modify ntgroup=Domain Admins unixgroup=ntadmins - John T. On 6/7/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hi, For specify Domain Admins grou mapping, you must use net groupmap with rid parameter : proto : net groupmap add {rid=int|sid=string} unixgroup=string [type={domain|local}] [ntgroup=string] [comment=string] ex : net groupmap add rid=512 unixgroup=domadm ntgroup=Domain Admins --- Stéphane PURNELLE [EMAIL PROTECTED] Service Informatique Corman S.A. Tel : 00 32 087/342467 [EMAIL PROTECTED] a écrit sur 07/06/2005 15:30:40 : Ok let me ask this: Why after I create a group map of Domain Admins to my unixgroup domadm do I now have two entries listed for Domain Admins? one to -1 the other to my domadm unix group - System Operators (S-1-5-32-549) - -1 Domain Admins (S-1-5-21-4008386108-3466510086-266964780-512) - -1 Domain Guests (S-1-5-21-4008386108-3466510086-266964780-514) - -1 Replicators (S-1-5-32-552) - -1 Guests (S-1-5-32-546) - -1 Domain Admins (S-1-5-21-4008386108-3466510086-266964780-2091) - domadm Power Users (S-1-5-32-547) - -1 Print Operators (S-1-5-32-550) - -1 Administrators (S-1-5-32-544) - -1 Account Operators (S-1-5-32-548) - -1 Backup Operators (S-1-5-32-551) - -1 Users (S-1-5-32-545) - -1 Domain Users (S-1-5-21-4008386108-3466510086-266964780-513) - -1 - --- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Group Problems
Hello all, I am having a some problems with groups. If I use this command net rpc group list -Uroot%not24get as the root users I get an error. Could not connect to server 127.0.0.1 The username or password was not correct If I try to add groups I also get the same error. and I don't know if this is relevent or not but when I try to join win groups and Unix groups via this command net groupmap add ntgroup=Domain Admins unixgroup=domadm I get this message. No rid or sid specified, choosing algorithmic mapping Successully added group Domain Admins to the mapping db and the group domadm is there. If I try to use any of the user that are in the domadm group, they don't have any admin rights. I don't think groupmaps are working at all. Could someone point me in the right direction? I am running CentOS with samba 3.0.9. Here is a the output from a net groupmap list --- System Operators (S-1-5-32-549) - -1 Domain Admins (S-1-5-21-4008386108-3466510086-266964780-512) - -1 Domain Guests (S-1-5-21-4008386108-3466510086-266964780-514) - -1 Replicators (S-1-5-32-552) - -1 Guests (S-1-5-32-546) - -1 Domain Admins (S-1-5-21-4008386108-3466510086-266964780-2053) - domadm Power Users (S-1-5-32-547) - -1 Print Operators (S-1-5-32-550) - -1 Administrators (S-1-5-32-544) - -1 Account Operators (S-1-5-32-548) - -1 Backup Operators (S-1-5-32-551) - -1 Users (S-1-5-32-545) - -1 Domain Users (S-1-5-21-4008386108-3466510086-266964780-513) - -1 -- If any more info is need just ask, I will provide no prob. Thanks all -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Group Problems
You know, I hate to sound rather annoyed, but we got your first two postings of this exact same message. Replies aren't instant. It takes time before people who can help you with your problem can get around to reading it under the deluge of messages that come flooding in. On Jun 6, 2005, at 22.26, Dominic Iadicicco wrote: Hello all, I am having a some problems with groups. If I use this command net rpc group list -Uroot%not24get as the root users I get an error. Could not connect to server 127.0.0.1 ^ Right there. 127.0.0.1 is ALWAYS the loopback for the computer you're on. Perhaps there's some kind of conflict occurring here because of that? Try connecting from a different computer. The username or password was not correct If I try to add groups I also get the same error. and I don't know if this is relevent or not but when I try to join win groups and Unix groups via this command net groupmap add ntgroup=Domain Admins unixgroup=domadm I get this message. No rid or sid specified, choosing algorithmic mapping Successully added group Domain Admins to the mapping db and the group domadm is there. If I try to use any of the user that are in the domadm group, they don't have any admin rights. I don't think groupmaps are working at all. Could someone point me in the right direction? I am running CentOS with samba 3.0.9. Here is a the output from a net groupmap list -- - System Operators (S-1-5-32-549) - -1 Domain Admins (S-1-5-21-4008386108-3466510086-266964780-512) - -1 Domain Guests (S-1-5-21-4008386108-3466510086-266964780-514) - -1 Replicators (S-1-5-32-552) - -1 Guests (S-1-5-32-546) - -1 Domain Admins (S-1-5-21-4008386108-3466510086-266964780-2053) - domadm Power Users (S-1-5-32-547) - -1 Print Operators (S-1-5-32-550) - -1 Administrators (S-1-5-32-544) - -1 Account Operators (S-1-5-32-548) - -1 Backup Operators (S-1-5-32-551) - -1 Users (S-1-5-32-545) - -1 Domain Users (S-1-5-21-4008386108-3466510086-266964780-513) - -1 -- If any more info is need just ask, I will provide no prob. Thanks all -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Group problems and at my wits' end!
Hi, I posted before that I was having problems with root showing up as a member of GID 1001 which I had set to 'engr'. Someone sent me an email saying that this was because gid=0 was also trying to map to RID=1001. Well, ok. So I made an explicit mapping from gid=0 to rid=0. I don't want Domain Admins to also be gid=0. It seems like it could cause more damage. So I have a grup mapping from gid=512 to rid=512 (Domain Admins). It always worked before. Everything worked except for the weird problem of root putting itself into rid=1001. Well, now after all of my messing around and changing things, I can't even join a Windows 2000 workstation to the domain. I get The user name could not be found. I am using 'root' and the password for root. This same username and password works just fine with smbclient command which tells me that root is still in the database. And root still shows up as a member of Domain Admins. The funny thing is that I even restored the LDAP db from before I started messing with things and even then, it doesn't work. Something has happened to my root user in Samba, from me messing around with mappings, and I don't know what it is. Any help is greatly appreciated in debugging. I have looked at the level 10 debug log and I get nothing useful. The closest thing I see is: UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] group problems
Hi, Could somebody tell me why i have this error? [EMAIL PROTECTED] root]# net3 groupmap list [2004/02/10 05:14:28, 0] passdb/pdb_ldap.c:ldapsam_setsamgrent(2048) ldapsam_setsamgrent: LDAP search failed: No such object [2004/02/10 05:14:28, 0] passdb/pdb_ldap.c:ldapsam_enum_group_mapping(2113) ldapsam_enum_group_mapping: Unable to open passdb [EMAIL PROTECTED] root]# smbldap-groupshow3 Domain\ Admins dn: cn=Domain Admins,ou=GROUPS,dc=nijacol,dc=net objectClass: posixGroup cn: Domain Admins gidNumber: 512 memberUid: root [EMAIL PROTECTED] root]# smbldap-groupshow3 Domain\ Users dn: cn=Domain Users,ou=GROUPS,dc=nijacol,dc=net objectClass: posixGroup gidNumber: 513 cn: Domain Users description: Netbios Domain Users (not implemented yet) memberUid: asky,test1,seyi [EMAIL PROTECTED] root]# smbldap-groupshow3 Domain\ Guests dn: cn=Domain Guests,ou=GROUPS,dc=nijacol,dc=net objectClass: posixGroup gidNumber: 514 cn: Domain Guests description: Netbios Domain Guests Users (not implemented yet) [EMAIL PROTECTED] root]# Asky -- This message has been scanned for viruses and dangerous content by Nijacol Email Protection Service ([EMAIL PROTECTED]), and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] group problems on Mac OS X
Server: SunOS 5.8 running, I believe, Samba 2.0.6 -- at least, log.nmb says: Netbios nameserver version 2.0.6 started. Client: M$WXP - everything works fine, perhaps because it has no concept of file ownership groups Client: Mac OS X 10.3.2, running the bundled Samba I have a number of shares defined on the server, including one for / so that I can get to anything on the machine with one mount: [slash] path = / browseable = yes writable = yes valid users = aad On the server: =lovecraft=id uid=5001(aad) gid=5000(overlay) On the OS X client: [dagon:~/scratch] aad% id uid=502(aad) gid=502(aad) groups=502(aad), 80(admin), 5000(overlay), 2147483647 I can't find a consistent way to mount this share at start up, but this forum problably isn't the place to persue that. The issue is that once I do get it mounted, I have problems when moving files. For some reason, the gid of any of my files that are across the mount shows up as 4294967294: [dagon:~/scratch] aad% touch /private/var/automount/Network/TALLTREE/LOVECRAFT/slash/tmp/test =lovecraft=ls -lg /tmp/test -rwxr--r-- 1 aad overlay 0 Jan 1 18:56 test* [dagon:~/scratch] aad% ls -lg /private/var/automount/Network/TALLTREE/LOVECRAFT/slash/tmp/test -rwx-- 1 aad nobody 0 1 Jan 18:59 /private/var/automount/Network/TALLTREE/LOVECRAFT/slash/tmp/test [dagon:~/scratch] aad% mv /private/var/automount/Network/TALLTREE/LOVECRAFT/slash/tmp/test . mv: ./test: set owner/group (was: 502/4294967294): Operation not permitted [dagon:~/scratch] aad% I created the overlay group on the OSX client via netinfo and added myself to it. The output of id above shows that it appears to be there correctly. The Samba mount appears to handle the uid just fine by looking up aad appropriately at both ends, but where the heck is it getting this wacky gid? Do I need to upgrade Samba on the server? Is the uid disparity between the two systems causing a problem? Thanks for any help. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba