Michael Lueck
2007-Jun-01 19:41 UTC
[Samba] Not seeing the expected group memberships with ifmember.exe /list
We have bumped into a most odd problem. Server: Debian Etch and their Samba 3.0.24-2 Client: WinXP SP2, MSI v3, all hot fixes The following settings are in place on the server: #!/bin/bash # # initGrps.sh # Map Windows Domain Groups to UNIX groups net groupmap add ntgroup="Domain Admins" unixgroup=domadmin rid=512 type=d net groupmap add ntgroup="Domain Users" unixgroup=domusers rid=513 type=d net groupmap add ntgroup="Domain Guests" unixgroup=domguest rid=514 type=d # Create some Domain Groups to administer local security net groupmap add ntgroup=ntadmins unixgroup=ntadmins type=d net groupmap add ntgroup=ntpwrusr unixgroup=ntpwrusr type=d net groupmap add ntgroup=ntusers unixgroup=ntusers type=d net groupmap add ntgroup=ntguests unixgroup=ntguests type=d When we join the domain, we run roughly the following script: ?REM JoinDomain.cmd NETDOM.EXE JOIN %ComputerName% /Domain:LDS-DEMO /UserD:ldsinst /PasswordD:password REM Remove domain to local group mapping done by NETDOM NET LOCALGROUP "Users" "LDS-DEMO\Domain Users" /DEL NET LOCALGROUP "Administrators" "LDS-DEMO\Domain Admins" /DEL REM Add domain to local group mapping NET LOCALGROUP "Administrators" "LDS-DEMO\ntadmins" /ADD NET LOCALGROUP "Power Users" "LDS-DEMO\ntpwrusr" /ADD NET LOCALGROUP "Users" "LDS-DEMO\ntusers" /ADD NET LOCALGROUP "Guests" "LDS-DEMO\ntguests" /ADD What is specifically missing in "ifmember /list" are: LDS-DEMO\Domains Admins LDS-DEMO\ntadmins We are at least getting membership to: LDS-DEMO\Domain Users <><><><><><><><><> What steps should we try as we try to track down this case of missing group memberships? -- Michael Lueck Lueck Data Systems http://www.lueckdatasystems.com/
Michael Lueck
2007-Jun-04 02:47 UTC
[Samba] Debian Etch bug? Was -> Re: Not seeing the expected group memberships with ifmember.exe /list
Greetings List- It has been a long weekend... we have tried many things. It seems "something" is up with the 3.0.24-1 and -2 packages for Debian Etch that Debian put out. We installed the old hard drive in the mobile test server (aka ThinkPad) which still had Debian Sarge on it. Purged the Samba packages, and installed the packages of 3.0.24 from samba.org. Following the exact same steps, we end up with the expected permissions / memberships / etc... Also failing with the Etch server were assigning permission to a "special user" account for joining machines to the domain, and also assigning print admin permissions to the "Domain Admin" group. Those commands were successful with the Sarge hard drive. So, just a general heads up... something smelling fishy with Debian Etch. Since we have a workable solution, we plan on demoing on Debian Sarge, and also installing Ubuntu 7.04 server on the HDD with Debian Etch on it currently... and maybe do the presentation with Ubuntu if successful. fffeeeewwww.... (and it is only 22:45!) -- Michael Lueck Lueck Data Systems http://www.lueckdatasystems.com/
Michael Lueck
2007-Jun-04 03:19 UTC
[Samba] Re: Debian Etch bug? Was -> Re: Not seeing the expected group memberships with ifmember.exe /list
Michael Lueck wrote:> It seems > "something" is up with the 3.0.24-1 and -2 packages for Debian Etch that > Debian put out.Correction, I see per the Debian page, those versions are actually 3.0.24-6etch1 and 3.0.24-6etch2. So, just to clarify. I took the time to at least file a Debian bug report as to our findings. It can be found at the following URL: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=427444 -- Michael Lueck Lueck Data Systems http://www.lueckdatasystems.com/
Maybe Matching Threads
- Q about net groupmap examples on samba.org
- Can not grant SeMachineAccountPrivilege on Debian Etch
- Why do un-groupmap'ed Unix groups show up in Windows?
- Samba Administrator account for XP
- Someone with "Access Denied" from Windows pls try this test to compare notes with me