Hello,
I'm using Samba3Beta1 and i try to map group.
I create a posix group in my ldap:
dn: cn=Administrateurs du domaine,ou=Groups,dc=middleearth,dc=ring
objectClass: posixGroup
cn: Administrateurs du domaine
memberUid: root
memberUid: administrateur
gidNumber: 1000
And I try to map this group with the nt group : Domain Admins
net groupmap add ntgroup="Domain Admins"
unixgroup="Administrateurs du
domaine"
But it didn't work. It told me, how to use the nep groupmap command:
Usage: net groupmap add {rid=<int>|sid=<string>}......
So I, add "rid=512" to my command:
net groupmap add rid=512 ntgroup="Domain Admins"
unixgroup="Administrateurs du domaine"
And it worked.
I looked in my ldap, and see:
dn: cn=Administrateurs du domaine,ou=Groups,dc=middleearth,dc=ring
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: Administrateurs du domaine
memberUid: root
memberUid: administrateur
gidNumber: 1000
sambaSID: S-1-5-21-3921159120-4202317873-1033194960-512
sambaGroupType: 2
displayName: Domain Admins
But When I try to look the privilege:
net groupmap list verbose
I see:
Domain Admins
SID :S-1-5-21-3921159120-4202317873-1033194960-512
Unix group:Administrateurs du domaine
Group type:Doamin
Comment :
Privilege : No privilege
Someone can tell me why there are no privilege... This is my Admin group
domain and I've got no privilege...It's no good.....
Is it a bug??
David PORTE
Gerald (Jerry) Carter
2003-Jun-24 03:25 UTC
[Samba] GroupMap : 'Privilege >> No privilege'
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 16 Jun 2003, David PORTE wrote:> Domain Admins > SID :S-1-5-21-3921159120-4202317873-1033194960-512 > Unix group:Administrateurs du domaine > Group type:Doamin > Comment : > Privilege : No privilege > > Someone can tell me why there are no privilege... This is my Admin group > domain and I've got no privilege...It's no good.....The privileges mentioned here are the Se... ones. They have been dropped. Remember that this is totally differenent than admin rights. If you are confused, I would recommend reviewing some of the Windows technical docs available. They should help. cheers, jerry ---------------------------------------------------------------------- Hewlett-Packard ------------------------- http://www.hp.com SAMBA Team ---------------------- http://www.samba.org GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc "You can never go home again, Oatman, but I guess you can shop there." --John Cusack - "Grosse Point Blank" (1997) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE+98SXIR7qMdg1EfYRAjgRAKCOIzb6pPU+dM8AfXeMe/768iilsQCg4Hrj Kc8nNfC9AchuKkPcg/xhmQw=etao -----END PGP SIGNATURE-----
Apparently Analagous Threads
- Could not get RealPath CORDAF/*
- forcing a file to have the same uid from parent directory
- dovecot 2.2.5 with plugin listescape and shared mailbox with dot in INBOX
- Domain trust relationship between Samba 3.0.21c and AD 2003
- samba says "you have right" but I must not have right (Important - SECURITY ISSUE)