George Farris
2003-Jul-23 16:44 UTC
[Samba] conflicting domain portions are not supported for NETLOGON calls
I'm seeing this error in my log file under samba-3.0beta3. "The conflicting domain portions are not supported for NETLOGON calls." I have created a unix/samba user testuser and a unix group pwruser. The testuser's primary group is pwruser. Next I mapped the ntgroup to pwruser with: "net groupmap modify ntgroup="Power Users" unixgroup=pwruser" and net groupmap list shows: [root@owl samba]# net groupmap list System Operators (S-1-5-32-549) -> -1 Domain Guests (S-1-5-21-1135672234-1853056381-2991119365-514) -> -1 Replicators (S-1-5-32-552) -> -1 Guests (S-1-5-32-546) -> -1 Power Users (S-1-5-32-547) -> pwruser Print Operators (S-1-5-32-550) -> -1 Domain Users (S-1-5-21-1135672234-1853056381-2991119365-513) -> -1 Administrators (S-1-5-32-544) -> -1 Account Operators (S-1-5-32-548) -> -1 Backup Operators (S-1-5-32-551) -> -1 Users (S-1-5-32-545) -> -1 Domain Admins (S-1-5-21-1135672234-1853056381-2991119365-512) -> -1 but when I login I get the above message and the user is not a Power User, is this a bug in Samba or have I missed a step? This is a stand alone version of samba, ie, no ldap or ads or other servers involved. Samba is set for domain logons and works. -- George Farris farrisg@mala.bc.ca Computer Support Cowichan.
Andrew Bartlett
2003-Jul-25 03:02 UTC
[Samba] conflicting domain portions are not supported for NETLOGON calls
On Thu, 2003-07-24 at 02:44, George Farris wrote:> I'm seeing this error in my log file under samba-3.0beta3. > "The conflicting domain portions are not supported for NETLOGON calls." > > I have created a unix/samba user testuser and a unix group pwruser. > The testuser's primary group is pwruser. > > Next I mapped the ntgroup to pwruser with: > "net groupmap modify ntgroup="Power Users" unixgroup=pwruser" > > and net groupmap list shows: > [root@owl samba]# net groupmap list > System Operators (S-1-5-32-549) -> -1 > Domain Guests (S-1-5-21-1135672234-1853056381-2991119365-514) -> -1 > Replicators (S-1-5-32-552) -> -1 > Guests (S-1-5-32-546) -> -1 > Power Users (S-1-5-32-547) -> pwruserYou cannot do it this way - power users is determined on the workstation, and the user can only be a member of groups in it's own domain. (not the 'special' groups) Andrew Bartlett -- Andrew Bartlett abartlet@pcug.org.au Manager, Authentication Subsystems, Samba Team abartlet@samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net http://samba.org http://build.samba.org http://hawkerc.net -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20030725/3ac9442b/attachment.bin