hi list,
i am playing with samba 3.0 alpha 17 from cvs 20020701 and global groups
running as pdc.
i installed to /usr/local/samba30 (having the lock dir under
/var/lock/samba30). i mapped some unix groups, but the dont appear as
global group. on the w2k sp1 machine. i have also no domain admins
right. the domain logon itself works fine.
any ideas?
btw: swat doesnt not work for me, it brings on the netscape client:
document contains now data. just for information.
thanx 4 any answers
thomas
output from smbgroupedit
NT group (SID) -> Unix group
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Admins (S-1-5-21-3013901393-2549662177-2794664770-512) -> tpuseradmin
Domain Guests (S-1-5-21-3013901393-2549662177-2794664770-514) -> nogroup
neuburger (S-1-5-21-3013901393-2549662177-2794664770-2001) -> service
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Account Operators (S-1-5-32-548) -> -1
Domain Users (S-1-5-21-3013901393-2549662177-2794664770-513) -> users
tronicplanet (S-1-5-21-3013901393-2549662177-2794664770-1219) ->
tronicplanet
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1
i added the tronicplanet group with "smbgroupedit -a tronicplanet -td"
Domain Admins
SID : S-1-5-21-3013901393-2549662177-2794664770-512
Unix group: tpuseradmin
Group type: Unknown type
Comment :
Privilege : SaAddUsers SeMachineAccountPrivilege SaPrintOp
tronicplanet
SID : S-1-5-21-3013901393-2549662177-2794664770-1219
Unix group: tronicplanet
Group type: Local group
Comment : Local Unix group
Privilege : No privilege
smb.conf
[global]
# code page directory = /etc/samba30/codepages
workgroup = TP-SAMBA
netbios name = TRONIC-PDC
interfaces = 192.168.0.31/255.255.255.192
bind interfaces only = Yes
encrypt passwords = Yes
security = user
# password server = venus
map to guest = Bad User
# passwd program = /usr/local/sbin/ldapsync.pl -o %u
# passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*modifying*
log file = /var/log/samba30/%m
debug pid = Yes
debug uid = Yes
large readwrite = Yes
time server = Yes
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
SO_SNDBUF=8192 SO_RCVBUF=8192
load printers = No
# character set = ISO8859-15
# domain admin group = @smbadm
logon path logon home domain logons = Yes
use spnego = no
os level = 64
wins support = Yes
passdb backend = ldapsam:ldap://localhost
# ldap port = 389
# ldap server = sonne.tronicplanet.de
ldap suffix = dc=tronicplanet,dc=de
ldap admin dn = uid=root,dc=tronicplanet,dc=de
ldap ssl = no
lock dir = /var/lock/samba30
pid directory = /var/run/samba30
socket address = 192.168.0.31
host msdfs = Yes
# admin users = @smbadm
# printer admin = @smbprtadm
printing = cups
veto files = /*.eml/*.nws/riched20.dll/*.{*}/
veto oplock files = /*.mdb/*.MDB/*.ldb/*.LDB/*.xls/*.XLS
Hi,
I have exactly the same results.
Have you got an answer yet?
Or does anybody else know how to deal with this?
Thank you for a reply.
Greetings,
Eddie.
-----------------------------------
hi list,
i am playing with samba 3.0 alpha 17 from cvs 20020701 and global groups
running as pdc.
i installed to /usr/local/samba30 (having the lock dir under
/var/lock/samba30). i mapped some unix groups, but the dont appear as
global group. on the w2k sp1 machine. i have also no domain admins
right. the domain logon itself works fine.
any ideas?
btw: swat doesnt not work for me, it brings on the netscape client:
document contains now data. just for information.
thanx 4 any answers
thomas
output from smbgroupedit
NT group (SID) -> Unix group
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Admins (S-1-5-21-3013901393-2549662177-2794664770-512) -> tpuseradmin
Domain Guests (S-1-5-21-3013901393-2549662177-2794664770-514) -> nogroup
neuburger (S-1-5-21-3013901393-2549662177-2794664770-2001) -> service
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Account Operators (S-1-5-32-548) -> -1
Domain Users (S-1-5-21-3013901393-2549662177-2794664770-513) -> users
tronicplanet (S-1-5-21-3013901393-2549662177-2794664770-1219) ->
tronicplanet
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1
i added the tronicplanet group with "smbgroupedit -a tronicplanet -td"
Domain Admins
SID : S-1-5-21-3013901393-2549662177-2794664770-512
Unix group: tpuseradmin
Group type: Unknown type
Comment :
Privilege : SaAddUsers SeMachineAccountPrivilege SaPrintOp
tronicplanet
SID : S-1-5-21-3013901393-2549662177-2794664770-1219
Unix group: tronicplanet
Group type: Local group
Comment : Local Unix group
Privilege : No privilege
smb.conf
[global]
# code page directory = /etc/samba30/codepages
workgroup = TP-SAMBA
netbios name = TRONIC-PDC
interfaces = 192.168.0.31/255.255.255.192
bind interfaces only = Yes
encrypt passwords = Yes
security = user
# password server = venus
map to guest = Bad User
# passwd program = /usr/local/sbin/ldapsync.pl -o %u
# passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*modifying*
log file = /var/log/samba30/%m
debug pid = Yes
debug uid = Yes
large readwrite = Yes
time server = Yes
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
SO_SNDBUF=8192 SO_RCVBUF=8192
load printers = No
# character set = ISO8859-15
# domain admin group = @smbadm
logon path logon home domain logons = Yes
use spnego = no
os level = 64
wins support = Yes
passdb backend = ldapsam:ldap://localhost
# ldap port = 389
# ldap server = sonne.tronicplanet.de
ldap suffix = dc=tronicplanet,dc=de
ldap admin dn = uid=root,dc=tronicplanet,dc=de
ldap ssl = no
lock dir = /var/lock/samba30
pid directory = /var/run/samba30
socket address = 192.168.0.31
host msdfs = Yes
# admin users = @smbadm
# printer admin = @smbprtadm
printing = cups
veto files = /*.eml/*.nws/riched20.dll/*.{*}/
veto oplock files = /*.mdb/*.MDB/*.ldb/*.LDB/*.xls/*.XLS
The problem seems to be in the group type field of your smbgroupedit -vl
output. Notice that it does not say Domain Group. So to correct it to work
properly use
smbgroupedit -c <SID> -u <unix_group> -td
This should adjust the Group Type field to Domain Group and should correct
your problems. This is not clear from the man page and there may be other
ways of achieving the same thing with different parameters.
Dan
-----Original Message-----
From: Eddie Lania [mailto:e.lania@elton.nl]
Sent: Thursday, August 01, 2002 7:54 AM
To: tsmailing@tronicplanet.de
Cc: samba@lists.samba.org
Subject: Re: [Samba] samba 3.0 and group mapping
Hi,
I have exactly the same results.
Have you got an answer yet?
Or does anybody else know how to deal with this?
Thank you for a reply.
Greetings,
Eddie.
-----------------------------------
hi list,
i am playing with samba 3.0 alpha 17 from cvs 20020701 and global groups
running as pdc.
i installed to /usr/local/samba30 (having the lock dir under
/var/lock/samba30). i mapped some unix groups, but the dont appear as
global group. on the w2k sp1 machine. i have also no domain admins
right. the domain logon itself works fine.
any ideas?
btw: swat doesnt not work for me, it brings on the netscape client:
document contains now data. just for information.
thanx 4 any answers
thomas
output from smbgroupedit
NT group (SID) -> Unix group
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Admins (S-1-5-21-3013901393-2549662177-2794664770-512) -> tpuseradmin
Domain Guests (S-1-5-21-3013901393-2549662177-2794664770-514) -> nogroup
neuburger (S-1-5-21-3013901393-2549662177-2794664770-2001) -> service
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Account Operators (S-1-5-32-548) -> -1
Domain Users (S-1-5-21-3013901393-2549662177-2794664770-513) -> users
tronicplanet (S-1-5-21-3013901393-2549662177-2794664770-1219) ->
tronicplanet
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1
i added the tronicplanet group with "smbgroupedit -a tronicplanet -td"
Domain Admins
SID : S-1-5-21-3013901393-2549662177-2794664770-512
Unix group: tpuseradmin
Group type: Unknown type
Comment :
Privilege : SaAddUsers SeMachineAccountPrivilege SaPrintOp
tronicplanet
SID : S-1-5-21-3013901393-2549662177-2794664770-1219
Unix group: tronicplanet
Group type: Local group
Comment : Local Unix group
Privilege : No privilege
smb.conf
[global]
# code page directory = /etc/samba30/codepages
workgroup = TP-SAMBA
netbios name = TRONIC-PDC
interfaces = 192.168.0.31/255.255.255.192
bind interfaces only = Yes
encrypt passwords = Yes
security = user
# password server = venus
map to guest = Bad User
# passwd program = /usr/local/sbin/ldapsync.pl -o %u
# passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*modifying*
log file = /var/log/samba30/%m
debug pid = Yes
debug uid = Yes
large readwrite = Yes
time server = Yes
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
SO_SNDBUF=8192 SO_RCVBUF=8192
load printers = No
# character set = ISO8859-15
# domain admin group = @smbadm
logon path logon home domain logons = Yes
use spnego = no
os level = 64
wins support = Yes
passdb backend = ldapsam:ldap://localhost
# ldap port = 389
# ldap server = sonne.tronicplanet.de
ldap suffix = dc=tronicplanet,dc=de
ldap admin dn = uid=root,dc=tronicplanet,dc=de
ldap ssl = no
lock dir = /var/lock/samba30
pid directory = /var/run/samba30
socket address = 192.168.0.31
host msdfs = Yes
# admin users = @smbadm
# printer admin = @smbprtadm
printing = cups
veto files = /*.eml/*.nws/riched20.dll/*.{*}/
veto oplock files = /*.mdb/*.MDB/*.ldb/*.LDB/*.xls/*.XLS
Now to add to my previous post, after the group type is set to domain group
and I have a samba 3.0alpha18 fileserver using winbind for authentication
doing the command 'getent group' does not return the list of Domain
Groups
in addition to the local groups. Doing an ls -l of a share directory does
not resolve the gid numbers to names and an NT ACCESS DENIED is generated in
the PDC log file for each lookup. See my previous posts (from a few days
ago) for more information and logs.
-----Original Message-----
From: Eddie Lania [mailto:e.lania@elton.nl]
Sent: Thursday, August 01, 2002 7:54 AM
To: tsmailing@tronicplanet.de
Cc: samba@lists.samba.org
Subject: Re: [Samba] samba 3.0 and group mapping
Hi,
I have exactly the same results.
Have you got an answer yet?
Or does anybody else know how to deal with this?
Thank you for a reply.
Greetings,
Eddie.
-----------------------------------
hi list,
i am playing with samba 3.0 alpha 17 from cvs 20020701 and global groups
running as pdc.
i installed to /usr/local/samba30 (having the lock dir under
/var/lock/samba30). i mapped some unix groups, but the dont appear as
global group. on the w2k sp1 machine. i have also no domain admins
right. the domain logon itself works fine.
any ideas?
btw: swat doesnt not work for me, it brings on the netscape client:
document contains now data. just for information.
thanx 4 any answers
thomas
output from smbgroupedit
NT group (SID) -> Unix group
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Admins (S-1-5-21-3013901393-2549662177-2794664770-512) -> tpuseradmin
Domain Guests (S-1-5-21-3013901393-2549662177-2794664770-514) -> nogroup
neuburger (S-1-5-21-3013901393-2549662177-2794664770-2001) -> service
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Account Operators (S-1-5-32-548) -> -1
Domain Users (S-1-5-21-3013901393-2549662177-2794664770-513) -> users
tronicplanet (S-1-5-21-3013901393-2549662177-2794664770-1219) ->
tronicplanet
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1
i added the tronicplanet group with "smbgroupedit -a tronicplanet -td"
Domain Admins
SID : S-1-5-21-3013901393-2549662177-2794664770-512
Unix group: tpuseradmin
Group type: Unknown type
Comment :
Privilege : SaAddUsers SeMachineAccountPrivilege SaPrintOp
tronicplanet
SID : S-1-5-21-3013901393-2549662177-2794664770-1219
Unix group: tronicplanet
Group type: Local group
Comment : Local Unix group
Privilege : No privilege
smb.conf
[global]
# code page directory = /etc/samba30/codepages
workgroup = TP-SAMBA
netbios name = TRONIC-PDC
interfaces = 192.168.0.31/255.255.255.192
bind interfaces only = Yes
encrypt passwords = Yes
security = user
# password server = venus
map to guest = Bad User
# passwd program = /usr/local/sbin/ldapsync.pl -o %u
# passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*modifying*
log file = /var/log/samba30/%m
debug pid = Yes
debug uid = Yes
large readwrite = Yes
time server = Yes
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
SO_SNDBUF=8192 SO_RCVBUF=8192
load printers = No
# character set = ISO8859-15
# domain admin group = @smbadm
logon path logon home domain logons = Yes
use spnego = no
os level = 64
wins support = Yes
passdb backend = ldapsam:ldap://localhost
# ldap port = 389
# ldap server = sonne.tronicplanet.de
ldap suffix = dc=tronicplanet,dc=de
ldap admin dn = uid=root,dc=tronicplanet,dc=de
ldap ssl = no
lock dir = /var/lock/samba30
pid directory = /var/run/samba30
socket address = 192.168.0.31
host msdfs = Yes
# admin users = @smbadm
# printer admin = @smbprtadm
printing = cups
veto files = /*.eml/*.nws/riched20.dll/*.{*}/
veto oplock files = /*.mdb/*.MDB/*.ldb/*.LDB/*.xls/*.XLS