Currently, my company is trying to deploy a Samba 3.0 server with an LDAP back end, for domain authentication. Everything's going extremely well so far except for one facet: net groupmap doesn't seem to play well with LDAP. I can make the mappings just fine:

hank:/var# net groupmap list
Domain Users (S-1-5-21-616220168-3974143565-3883354751-513) -> users
Domain Admins (S-1-5-21-616220168-3974143565-3883354751-512) -> wheel

However, when it comes to actually giving these users the permissions, it isn't done. Members of wheel aren't given Administrative privilege on Domain Member machines. And I can't seem to figure out if there's a way to view the membership of a group through Windows dialogs, so I can verify whether or not the correct users are indeed members.

Has anyone else had a problem similar to this, or can give me pointers as to where to proceed from here?

--
Stephen Touset
Hi

I'm having a similar problem. Have you tried checking whether the group is listed in the local group in computer management? Or can't you get that far because of user privileges?

My problem is that I have to restart the computer before the second user logs on to get the correct privileges. It's a bit annoying having to restart just to login as a different user.

Ned

-----Original Message-----
From: samba-bounces+samba=klesknet.com@lists.samba.org [mailto:samba-bounces+samba=klesknet.com@lists.samba.org] On Behalf Of Stephen Touset
Sent: 06 May 2004 22:19
To: samba@lists.samba.org
Subject: [Samba] groupmap not working correctly
On Thu, 6 May 2004, Stephen Touset wrote:

> Currently, my company is trying to deploy a Samba 3.0 server with an
> LDAP back end, for domain authentication. Everything's going extremely
> well so far except for one facet: net groupmap doesn't seem to play well
> with LDAP. I can make the mappings just fine:
>
> hank:/var# net groupmap list
> Domain Users (S-1-5-21-616220168-3974143565-3883354751-513) -> users
> Domain Admins (S-1-5-21-616220168-3974143565-3883354751-512) -> wheel
>
> However, when it comes to actually giving these users the permissions,
> it isn't done. Members of wheel aren't given Administrative privilege on
> Domain Member machines. And I can't seem to figure out if there's a way
> to view the membership of a group through Windows dialogs, so I can
> verify whether or not the correct users are indeed members.
>
> Has anyone else had a problem similar to this, or can give me pointers
> as to where to proceed from here?

You need to ensure that the unix group memberships are correct on the domain controller (ie 'groups $user'). Especially since you are re-using pre-existing unix groups (which can cause confusion on the part of the nss service if the groups exist both in local files and in LDAP). I would suggest that you use new unix groups (or be very careful with your nss set up etc).

Regards,
Buchan
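Added example, not part of the original thread: a shell sketch of the check Buchan describes, which takes the Unix groups named in the `net groupmap list` output and reports any that are defined both in local files and in LDAP, with each source's member list. The function names, the temporary files and the member names (root, alice, bob, smbadmins) are constructed for illustration; only the two groupmap lines come from the thread.

```shell
#!/bin/sh
# Added example: cross-check groupmap targets against local and LDAP group sources.
# All sample data below is constructed for illustration (members are made up).

# Print the Unix group on the right-hand side of each "net groupmap list" line.
mapped_unix_groups() {
    sed -n 's/^.*) -> \(.*\)$/\1/p'
}

# Print names defined in BOTH group(5)-format inputs ($1 = local, $2 = LDAP).
groups_in_both() {
    awk -F: 'NR==FNR { seen[$1] = 1; next } ($1 in seen) { print $1 }' "$1" "$2"
}

# Print the member list (field 4) of group $2 in group(5)-format file $1.
members_of() {
    awk -F: -v g="$2" '$1 == g { print $4 }' "$1"
}

# Report every mapped group that both sources define: "name local=[..] ldap=[..]".
# A group defined twice with different members is where NSS can return the wrong set.
ambiguous_mappings() {
    map=$1 local_db=$2 ldap_db=$3
    dups=$(groups_in_both "$local_db" "$ldap_db")
    mapped_unix_groups < "$map" | while read -r g; do
        if printf '%s\n' "$dups" | grep -qxF -- "$g"; then
            printf '%s local=[%s] ldap=[%s]\n' "$g" \
                "$(members_of "$local_db" "$g")" "$(members_of "$ldap_db" "$g")"
        fi
    done
}

demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/map" <<'EOF'
Domain Users (S-1-5-21-616220168-3974143565-3883354751-513) -> users
Domain Admins (S-1-5-21-616220168-3974143565-3883354751-512) -> wheel
EOF
    printf 'wheel:x:10:root\nusers:x:100:\n' > "$tmp/local"   # stands in for /etc/group
    printf 'wheel:x:10:alice,bob\nsmbadmins:x:5000:alice\n' > "$tmp/ldap"  # LDAP groups
    ambiguous_mappings "$tmp/map" "$tmp/local" "$tmp/ldap"
    rm -rf "$tmp"
}

demo
```

On a live domain controller the three inputs would be the saved output of `net groupmap list`, `/etc/group`, and a dump of the LDAP groups in group(5) format; how that dump is produced depends on the NSS setup.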