Displaying 20 results from an estimated 700 matches similar to: "Group mapping: different SIDs"
2005 Nov 21
1
does a pdc need to be in the domain itself?
Hello List,
we have installed samba Version 3.0.20-0.1-SUSE.
when I'm entering
> net getlocalsid
I get
> SID for domain <netbios name> is:
S-1-5-21-4166838278-3756557259-2095403906
entering
> net getlocalsid <domain name>
returns
> SID for domain <domain name> is:
S-1-5-21-2018781741-1218799122-1862565094
Does this mean that the pdc itself is not in the domain
2006 Jan 02
0
Groups "Domain Admins" and "ntadmin"
Hello,
I need some understanding about when being as user in a domain group
and log on to a windows machine as user that belongs to this group
having administrative rights. I will explain in more detail and give
some more information:
# net getlocalsid
> SID for domain FILESERVER is: S-1-5-21-4166838278-3543217259-2095403906
# net getlocalsid <domain>
> SID for domain <domain>
2005 May 13
2
losing access to profile when user becomes domain user instead domain admin
Hi,
I am in the process of migrating our windows workstations to a samba domain.
Here is the problem:
When creating the domain user I put every user additionalyy in the
domain admin group so that he/she can copy his old files on the local
profile to his new domain account.
Then after this is done I put them to the domain users group but some
(!) of the user the lose then access to the
2011 Jun 09
3
DFS root only works for more recent Windows clients
I've been testing DFS roots and I'm finding that while Vista and 2008
Server clients can connect with no problems, Windows XP Pro and 2003
Server clients fail. This seems like it's the wrong way round - Samba
usually has more difficulties with recent Windows versions than older
ones - but I can only assume that there's some registry/policy change
between the versions. If anybody
2013 Jun 07
1
Folder permissions not working
I seem to be having a bit of a brain fade with regard to permissions in
samba. I have a share with several folders owned by different groups:
drwxrws--- 13 root accounts 4.0K Jun 7 12:12 Accounts
drwxrws--- 16 ian accounts 4.0K Jun 7 11:24 Administration
drwxrws--- 14 accounts users 4.0K Apr 22 12:05 Downloads
drwxrwsr-x 7 ian users 4.0K Mar 22 13:51
2003 Nov 14
1
net group question
I groupapped the domadmins group in linux to ntgroup="Domain Admins" but instead of mapping to the SID number ending in 512 it's creating a new SID number endind in 2025 mapped to domadmins...
Does anybody knows why??? It worked in the previous server.
This is the command I execute
net groupmap add ntgroup="Domain Admins" unixgroup=domadmin
If I use the rid=512 option I
2008 Nov 05
1
Samba 3.2.4 not locking accounts?
Hello guys!
I'm using samba 3.2.4 (binaries from samba.org) on SLES9+sp3.
I am building a PDC with LDAP support (i am attaching my config files),
I'm also using ldapsam:trusted and ldapsam:editposix.
Although I am setting the account lock after 3 failed tries in usrmgr,
and verified that the parameters are actually set in the LDAP, no
locking occurs.
I started thinking that it was my
2011 Feb 03
1
POSIX ACLs vs. EA security.NTACLs
This might be more inclusive if I said, Linux Permissions vs POSIX ACLs
vs vfs_xattr.
I have recently begun to discover the power and flexibility of using
POSIX ACLs (by mounting my EXT3/4 filesystems with the acl option). This
solved alot of security permissions issues between Samba and Linux
groups of users. As I have delved into this deeper and begun using the
VFS object, vfs_xattr, things
2009 May 31
1
My Documents: Music shows, Pictures not so much
Hey all, I have a functioning Samba server in my test lab. All of my
must-haves are met.
My problem really boils down to a minor nuisance. Basically, when I log
the test users in and open My Documents I only see one folder: My Music.
Not that I really care but curiosity is killing me here and I can't
figure out why the My Pictures folder is not present also. On top of
that users love
2004 Apr 14
1
samba-latest and tdbsam - unable to logon to domain?
Dear list members,
I am unable to logon to the domain.
I have created the tdbsam using the "smbpasswd -a root" command.
I also added User Administrator as unix and samba account.
I also mapped groups "Domain Admins", "Domain users" and "Domain Guests" to
unix groups domadmins, domusers and domguests using the "net groupmap
modify" command.
But is
2004 Mar 18
3
migration nt4 with ldap problem
hello
i try to migrate nt4 to samba. the passwd-backend is ldap.
the migration itself works fine but after that, i cannot logon from the
windows xp clients
to the domain. -> i have to rejoin the client to the domain then it works
is this a bug or feature?
the sambaNTPassword change then in ldap data base
here is part of my smb.conf
------------------- snip -----------------
workgroup
2011 Jun 02
5
Samba vs Linux file permissions
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello,
I cannot find anything in the documentation or mailing list that
addresses this oddity.
I've installed Samba Version 3.4.7 on Ubuntu Server 10.04, and I'm
utterly confused by samba's behavior regarding permissions.
Users on the server have home directories in /home/chemgroup/username.
(chemgroup is actually a symlink to another
2009 Jun 29
0
Lots of "smbd/vfs.c:reduce_name(985)" in log.smbd
Hi.
I subscripted just now to the mailing list, but I've been using a Samba file
server (PDC) on Debian for about 2.5 years now. Users are almost all WinXP
SP3.
No users are complaining but since I changed everything to one share with
group permission on underlying directories I see a lot of errors in
log.smbd. Anyone knows what the log message exactly means?
I guess it has something to
2009 Jun 30
1
Samba-Cups: all works except browsing when printer is not defined in smb.conf
Cups 1.2.7
Debian Etch with Samba 3.0.24
Clients: WinXP SP3 (with Firewall completely off for testing)
When I define a printer specifically in smb.conf, they show up as shared
printers in WinXP. But when I follow the normal way (see below) to load all
from cups they don't.
I followed mainly the latest SAMBA-HOWTO (chapter 21-22)
The only error I see in log.smbd when accessing the
2006 Oct 25
0
Some curious problems migrating from 3.0.10 to 3.0.23c on new server
Hello all,
at this point i'm at the end of my ideas, so i ask here, at what point
i ran in this problem. Hopefully some give advices to the proper direction.
The plan: An old debian woody machine with samba 3.0.10-1 should
migrated to an new hardware with debian etch and samba 3.0.23c-2.
My simple idea was to copy all configuration files and also the
passdb.tdb, secrets.tdb and
2009 May 01
2
Automating the Samba Install
Hey all,
I'm coloring outside the lines a little bit here but I would like to
automate the install of a samba pdc. Within that script to install I
would like to assign rights to a group. Here is an example of a few steps:
# Create Unix group:
groupadd domadmins
# Map unix group to samba groups:
net groupmap add ntgroup="Domain Admins" unixgroup=domadmins rid=512 type=d
# Assign
2007 Feb 22
0
Fwd: Net groupmap list puzzler
Hi,
I think at first you have to do a net groupmap add all the well known Groups.
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Users (S-1-5-21-3732367786-856876144-3282938955-513) -> -1
Domain Admins (S-1-5-21-3732367786-856876144-3282938955-512) -> -1
Power Users (S-1-5-32-547) -> -1
Domain Guests
2008 Apr 22
2
Problems with winbind, idmap and usrmgr.exe
I am trying to get two Samba PDC/Domains setup with a trust between
them. They are separate domains because they are separate companies
(one is a subsidiary of the other) located in different cites.
I am using Centos 5.1 x86_64 and Samba 3.0.28a packages built by me from
Fedora 8 source RPMs.
Based on what I have read, in order to do the trust thing I need to use
Winbind/idmap to handle the non
2005 Dec 05
1
net getlocalsid and net getlocalsid <domain>
Hi,
does the output of the two commands really mean that the server FILESERVER
is not in the domain?:
# net getlocalsid
SID for domain FILESERVER is: S-1-5-21-4161338278-3756552359-245403906
# net getlocalsid <domainname>
SID for domain <domainname> is: S-1-5-21-2018781741-1218349122-1862352094
Is there another method to check if a server is in a domain?
Can I use 'net rpc
2005 May 05
2
Fwd: Follow Up - Problem with groups & joining domain.- LDAP
Follow up to original post.
If I created local groups and users in /etc/passwd &
/etc/groups I get farther along.
For instance, if I have a Samba PDC with LDAP basically like I listed
in my post. If I browse from a w2k pro box to the samba server
without the workstation having joined the domain, I can authenticate
to the samba server with a user who is not in /etc/passwd but is in
LDAP. So