Michael Lueck
2006-Mar-10 15:29 UTC
[Samba] Why do un-groupmap'ed Unix groups show up in Windows?
Typical Linux Distros add all sorts of Unix groups to users when it creates them, like cdrom, floppy, dialout, audio, etc... Logging in to the domain from Windows with an account that has such membership over on Linux... "ifmember.exe /list" shows all of those memberships. Why exactly? I would expect only the groups I did a "net groupmap" on would be considered by Samba. Makes me wonder the real results of... net groupmap add ntgroup=ntadmins unixgroup=ntadmins type=d since groups I did not map show up on Windows. ????? -- Michael Lueck Lueck Data Systems http://www.lueckdatasystems.com/ Remove the upper case letters NOSPAM to contact me directly.
Gerald (Jerry) Carter
2006-Mar-13 04:33 UTC
[Samba] Why do un-groupmap'ed Unix groups show up in Windows?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Michael Lueck wrote:> Typical Linux Distros add all sorts of Unix groups to users when it > creates them, like cdrom, floppy, dialout, audio, etc... > > Logging in to the domain from Windows with an account that has such > membership over on Linux... "ifmember.exe /list" shows all of those > memberships. Why exactly? I would expect only the groups I did a "net > groupmap" on would be considered by Samba. Makes me wonder the real > results of... > > net groupmap add ntgroup=ntadmins unixgroup=ntadmins type=d > > since groups I did not map show up on Windows.The unmapped groups are still part of the user's token. So they have to be reported somehow. Same thing if you look at the ACL on a file that has a unmapped group. You expect to see the Unix group name, cheers, jerry ====================================================================I live in a Reply-to-All world. ----------------------- Samba ------- http://www.samba.org Centeris ----------- http://www.centeris.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEFPXAIR7qMdg1EfYRAlFtAKCZa64i7Uz3X8hwX/C9HFCZyDXszgCdG+9C 8qqrEQJJNjxrNimtzFfeFNI=J2vl -----END PGP SIGNATURE-----
Seemingly Similar Threads
- Not seeing the expected group memberships with ifmember.exe /list
- What file gets corrupted in Samba when perms stop working correctly?
- Checking effective group membership - Linux side
- A (maybe)_ easy solution to global login script for group checking
- Q about net groupmap examples on samba.org