I am following the installation described in Chapter 3 of Samba By Example (http://samba.org/samba/docs/man/Samba-Guide/secure.html) and at Step 5 i run into the following problem: I copied the example script to /etc/samba/initGrps.sh and customized the group names, then brandy:/etc/samba# chmod 755 initGrps.sh brandy:/etc/samba# ./initGrps.sh groupadd: group akkaras exists groupadd: group aksteinhilber exists groupadd: group akstark exists Updated mapping entry for Domain Admins Updated mapping entry for Domain Users Updated mapping entry for Domain Guests No rid or sid specified, choosing algorithmic mapping adding entry for group AK Karas failed! No rid or sid specified, choosing algorithmic mapping adding entry for group AK Steinhilber failed! No rid or sid specified, choosing algorithmic mapping adding entry for group AK Stark failed! Then after RTFMing I tried brandy:/etc/samba# net groupmap list | sort Account Operators (S-1-5-32-548) -> -1 Administrators (S-1-5-32-544) -> -1 AK Karas (S-1-5-21-1348455924-348699262-4184906134-3003) -> akkaras AK Stark (S-1-5-21-1348455924-348699262-4184906134-3007) -> akstark AK Steinhilber (S-1-5-21-1348455924-348699262-4184906134-3005) -> aksteinhilber Backup Operators (S-1-5-32-551) -> -1 Domain Admins (S-1-5-21-1348455924-348699262-4184906134-512) -> root Domain Admins (S-1-5-21-1972254233-2250998545-1379234658-512) -> -1 Domain Guests (S-1-5-21-1348455924-348699262-4184906134-514) -> nogroup Domain Guests (S-1-5-21-1972254233-2250998545-1379234658-514) -> -1 Domain Users (S-1-5-21-1348455924-348699262-4184906134-513) -> -1 Domain Users (S-1-5-21-1972254233-2250998545-1379234658-513) -> users Guests (S-1-5-32-546) -> -1 Power Users (S-1-5-32-547) -> -1 Print Operators (S-1-5-32-550) -> -1 Replicators (S-1-5-32-552) -> -1 System Operators (S-1-5-32-549) -> -1 So, it appears (atleast to me) that the mapping has worked, but what is failing then? Thanks in advance!!!
So i move on to Step 6 brandy:/etc/samba# useradd -m mhoernig brandy:/etc/samba# passwd mhoernig Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully brandy:/etc/samba# smbpasswd -a mhoernig New SMB password: Retype new SMB password: tdb_update_sam: Failing to store a SAM_ACCOUNT for [mhoernig] without a primary group RID Failed to add entry for user mhoernig. Failed to modify password entry for user mhoernig I guess this is related (?).
On Thursday 09 June 2005 09:38, Jeremy wrote:> I am following the installation described in Chapter 3 of Samba By Example > (http://samba.org/samba/docs/man/Samba-Guide/secure.html) and at Step 5 i > run into the following problem: > > I copied the example script to /etc/samba/initGrps.sh and customized the > group names, then > > brandy:/etc/samba# chmod 755 initGrps.sh > brandy:/etc/samba# ./initGrps.sh > > groupadd: group akkaras exists > groupadd: group aksteinhilber exists > groupadd: group akstark exists > Updated mapping entry for Domain Admins > Updated mapping entry for Domain Users > Updated mapping entry for Domain Guests > No rid or sid specified, choosing algorithmic mapping > adding entry for group AK Karas failed! > No rid or sid specified, choosing algorithmic mapping > adding entry for group AK Steinhilber failed! > No rid or sid specified, choosing algorithmic mapping > adding entry for group AK Stark failed!How often have you run the initGrps.sh script?> > Then after RTFMing I tried > > brandy:/etc/samba# net groupmap list | sort > Account Operators (S-1-5-32-548) -> -1 > Administrators (S-1-5-32-544) -> -1 > AK Karas (S-1-5-21-1348455924-348699262-4184906134-3003) -> akkaras > AK Stark (S-1-5-21-1348455924-348699262-4184906134-3007) -> akstark > AK Steinhilber (S-1-5-21-1348455924-348699262-4184906134-3005) -> > aksteinhilber Backup Operators (S-1-5-32-551) -> -1 > Domain Admins (S-1-5-21-1348455924-348699262-4184906134-512) -> root > Domain Admins (S-1-5-21-1972254233-2250998545-1379234658-512) -> -1 > Domain Guests (S-1-5-21-1348455924-348699262-4184906134-514) -> nogroup > Domain Guests (S-1-5-21-1972254233-2250998545-1379234658-514) -> -1 > Domain Users (S-1-5-21-1348455924-348699262-4184906134-513) -> -1 > Domain Users (S-1-5-21-1972254233-2250998545-1379234658-513) -> users > Guests (S-1-5-32-546) -> -1 > Power Users (S-1-5-32-547) -> -1 > Print Operators (S-1-5-32-550) -> -1 > Replicators (S-1-5-32-552) -> -1 > System Operators (S-1-5-32-549) -> -1Your Samba SID has changed for one of the reasons documented in chapter 8 of the Samba-3 By Example book (current on-line version). You have multiple entries for Domain Users, Domain Groups, Domain Guests. Get rid of them by executing: net groupmap cleanup That should leave things in a sane state. - John T.> > So, it appears (atleast to me) that the mapping has worked, but what is > failing then? > > Thanks in advance!!!-- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production.
On Thursday 09 June 2005 10:08, Jeremy wrote:> So i move on to Step 6 > > brandy:/etc/samba# useradd -m mhoernig > brandy:/etc/samba# passwd mhoernig > Enter new UNIX password: > Retype new UNIX password: > passwd: password updated successfully > brandy:/etc/samba# smbpasswd -a mhoernig > New SMB password: > Retype new SMB password: > tdb_update_sam: Failing to store a SAM_ACCOUNT for [mhoernig] without a > primary group RID > Failed to add entry for user mhoernig. > Failed to modify password entry for user mhoernig > > I guess this is related (?).Is the primary group of the account mhoernig a Windows group? - John T.
> How often have you run the initGrps.sh script?Numerous times. The fact that the groups exists is clear to me, as they were created on the first execution, however, this first run also produced the line "adding entry for group AK Stark failed!" FYI, this is Samba 3.0.14a-3 on Debian 3.1. Thanks for your prompt response John!
On Thursday 09 June 2005 13:18, Jeremy wrote:> > How often have you run the initGrps.sh script? > > Numerous times. The fact that the groups exists is clear to me, as they > were created on the first execution, however, this first run also produced > the line "adding entry for group AK Stark failed!" > > FYI, this is Samba 3.0.14a-3 on Debian 3.1. > > Thanks for your prompt response John!Stop samba, delete the /var/lib/samba/group_mapping.tdb file, then re-run the script. There should be NO errors. Then re-start samba. - John T. -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production.