thr3ads.net - samba - [Samba] samba3 - On-the-Fly Machine Accounts

If this information is useful, please help other people find it:
Share via:

Rauno Tuul

2003-Sep-06 19:06 UTC

[Samba] samba3 - On-the-Fly Machine Accounts - domain admin g roup?

Hi,

-----Original Message-----
From: John H Terpstra [mailto:jht@samba.org]
> "domain admin group" removed
>
> Because you now have something much more powerful that provides real NT
> Groups to your NT/200x/XP clients.
But if I use LDAP for both Samba and system auth.
The groups, what I added with base.ldif (idealx) exist in samba and system.
for example "getent group" shows me all groups in system (/etc/group +
ldap
entries).
> Here are the basic steps:
>
> 1. Add a UNIX group account that will be mapped to the NT Domain Admins
> global group:
>      groupadd ntadmins
How samba knows, that users in that group may update LDAP base? based on
groupmap entry? If no groupmapping is done, then noone except "admin
user"?
> 2. Now add the UNIX users who should be a member of the NT Domain Admins
> group to the UNIX ntadmins account:
>
> a) You can edit /etc/group so that the ntadmins entry looks like:
>       ntadmins:x:543:maryo,willy,billg
>
> Now map the UNIX group to the NT Domain Admins group:
>        net groupmap add ntgroup="Domain Admins"
unixgroup=ntadmins
If I'm correct:
net groupmap add ntgroup="Domain Admins" unixgroup=whatevergroup
is a must be for adding On-the-Fly Machine Accounts?

But what if I already did it in LDAP?
I added a group name "Domain Admins" to my base, added users to group.
It's
useless?

As I followed your instructions, I made a random group.
But problem is... I can't get working "net groupmap list" and
"net groupmap
add" commands.

Something is wrong, but I can't figure out what it is...
Here are the files and data of my current state and problem:

http://raunz.pri.ee/linux/samba/samba3/
smb.conf
getent group & getent passwd
ldap data
debug output of "net groupmap..." commands
> Hope this helps! IT is covered in the Samba-HOWTO-Collection.pdf file that
> is included with Samba-3 in the docs directory.
I read it... even tried to use that script for group adding... nothing.
Honestly said, I'm pretty lost in here...

Regards,

Rauno

Apparently Analagous Threads

Search for more maybe matching threads

samba - Sep 2003 - samba3 - On-the-Fly Machine Accounts - domain admin g roup?

[Samba] samba3 - On-the-Fly Machine Accounts - domain admin g roup?

Apparently Analagous Threads

Wisdom of the Ancients