On Tue, 9 Sep 2003 godber@win.co.nz wrote:> Relevant part of "net3 groupmap list" is > > System Operators (S-1-5-21-1617713866-2789119093-1479812082-1007) -> sys > > In howto there is the following example > > net groupmap modify ntgroup="System Operators" unixgroup=sys > net groupmap modify ntgroup="Power Users" unixgroup=sys > > You can add System Operators but trying to add Power Users fails. If you do it in reverse adding Poer Users works. > > net groupmap add ntgroup="Power Users" unixgroup=sys > No rid or sid specified, choosing algorithmic mapping > [2003/09/09 18:22:39, 0] passdb/pdb_ldap.c:ldapsam_add_group_mapping_entry(1911) > Group 3 already exists in LDAP > adding entry for group Power Users failed! > > Is the example wrong?Try: net groupmap add ntgroup="Power Users" unixgroup=sys type=d rid=1008> Can multiple ntgroups map to a single unix group?Yes. - John T.> > Also > > net groupmap add ntgroup="Users" unixgroup=users > > fails other unixgroups work is users special > > users is a group in ldap > > ldapsearch -LL -H ldap://localhost -b"dc=hattaways,dc=com" -x "(cn=users)" > version: 1 > > dn: cn=users,ou=Group,dc=hattaways,dc=com > objectClass: posixGroup > objectClass: top > cn: users > gidNumber: 10501 > memberUid: godfrey > > > > Otherwise rc3 appears to work > > Many Thanks > > Godfrey >-- John H Terpstra Email: jht@samba.org
Relevant part of "net3 groupmap list" is System Operators (S-1-5-21-1617713866-2789119093-1479812082-1007) -> sys In howto there is the following example net groupmap modify ntgroup="System Operators" unixgroup=sys net groupmap modify ntgroup="Power Users" unixgroup=sys You can add System Operators but trying to add Power Users fails. If you do it in reverse adding Poer Users works. net groupmap add ntgroup="Power Users" unixgroup=sys No rid or sid specified, choosing algorithmic mapping [2003/09/09 18:22:39, 0] passdb/pdb_ldap.c:ldapsam_add_group_mapping_entry(1911) Group 3 already exists in LDAP adding entry for group Power Users failed! Is the example wrong? Can multiple ntgroups map to a single unix group? Also net groupmap add ntgroup="Users" unixgroup=users fails other unixgroups work is users special users is a group in ldap ldapsearch -LL -H ldap://localhost -b"dc=hattaways,dc=com" -x "(cn=users)" version: 1 dn: cn=users,ou=Group,dc=hattaways,dc=com objectClass: posixGroup objectClass: top cn: users gidNumber: 10501 memberUid: godfrey Otherwise rc3 appears to work Many Thanks Godfrey
Sorry it still does no work Linux version is Mandrake 8.2 I made rc3 rpm using mandrake samba3 src rpm with necessary minnor modifications Listed all groups so you can see rid not problem [root@server01 migration]# net3 groupmap list Administrators (S-1-5-21-1617713866-2789119093-1479812082-512) -> root Backup Operators (S-1-5-21-1617713866-2789119093-1479812082-1003) -> bin Replicators (S-1-5-21-1617713866-2789119093-1479812082-1005) -> daemon System Operators (S-1-5-21-1617713866-2789119093-1479812082-1007) -> sys Print Operators (S-1-5-21-1617713866-2789119093-1479812082-1015) -> lp Domain Admins (S-1-5-21-1617713866-2789119093-1479812082-21003) -> ntadmin Staff (S-1-5-21-1617713866-2789119093-1479812082-22001) -> staff Accounts (S-1-5-21-1617713866-2789119093-1479812082-22005) -> accounts Family (S-1-5-21-1617713866-2789119093-1479812082-22007) -> family Domain Guests (S-1-5-21-1617713866-2789119093-1479812082-514) -> nogroup [root@server01 migration]# net3 groupmap add ntgroup="Power Users" unixgroup=sys type=d rid=1008 [2003/09/09 20:05:24, 0] passdb/pdb_ldap.c:ldapsam_add_group_mapping_entry(1911) Group 3 already exists in LDAP adding entry for group Power Users failed! It does not seem to like multiple ntgroups to single unix group Many Thanks Godfrey [SNIP]> > Try: > > net groupmap add ntgroup="Power Users" unixgroup=sys type=d rid=1008 > > > > Can multiple ntgroups map to a single unix group? > > Yes. > > > - John T. >[SNIP]
still fails sorry [root@server01 migration]# net3 groupmap list Administrators (S-1-5-21-1617713866-2789119093-1479812082-512) -> root Backup Operators (S-1-5-21-1617713866-2789119093-1479812082-1003) -> bin Replicators (S-1-5-21-1617713866-2789119093-1479812082-1005) -> daemon Power Users (S-1-5-32-547) -> sys Print Operators (S-1-5-21-1617713866-2789119093-1479812082-1015) -> lp Domain Admins (S-1-5-21-1617713866-2789119093-1479812082-21003) -> ntadmin Staff (S-1-5-21-1617713866-2789119093-1479812082-22001) -> staff Accounts (S-1-5-21-1617713866-2789119093-1479812082-22005) -> accounts Family (S-1-5-21-1617713866-2789119093-1479812082-22007) -> family Domain Guests (S-1-5-21-1617713866-2789119093-1479812082-514) -> nogroup [root@server01 migration]# net3 groupmap add ntgroup="Flying Pigs" unixgroup=sys type=l No rid or sid specified, choosing algorithmic mapping [2003/09/09 20:36:19, 0] passdb/pdb_ldap.c:ldapsam_add_group_mapping_entry(1911) Group 3 already exists in LDAP adding entry for group Flying Pigs failed! or [root@server01 migration]# net3 groupmap add ntgroup="Flying Pigs" unixgroup=sys type=l rid=1008 [2003/09/09 20:40:53, 0] passdb/pdb_ldap.c:ldapsam_add_group_mapping_entry(1911) Group 3 already exists in LDAP adding entry for group Flying Pigs failed! [root@server01 migration]# net3 -V Version 3.0.0rc3 Might be related to my version of ldap 2.0.21-4mdk> On Tue, 9 Sep 2003 godber@win.co.nz wrote: > > > Sorry it still does no work > > > > Linux version is Mandrake 8.2 I made rc3 rpm using mandrake samba3 src rpm > > with necessary minnor modifications > > > > Listed all groups so you can see rid not problem > > > > [root@server01 migration]# net3 groupmap list > > Administrators (S-1-5-21-1617713866-2789119093-1479812082-512) -> root > > Backup Operators (S-1-5-21-1617713866-2789119093-1479812082-1003) -> bin > > Replicators (S-1-5-21-1617713866-2789119093-1479812082-1005) -> daemon > > System Operators (S-1-5-21-1617713866-2789119093-1479812082-1007) -> sys > > Print Operators (S-1-5-21-1617713866-2789119093-1479812082-1015) -> lp > > Domain Admins (S-1-5-21-1617713866-2789119093-1479812082-21003) -> ntadmin > > Staff (S-1-5-21-1617713866-2789119093-1479812082-22001) -> staff > > Accounts (S-1-5-21-1617713866-2789119093-1479812082-22005) -> accounts > > Family (S-1-5-21-1617713866-2789119093-1479812082-22007) -> family > > Domain Guests (S-1-5-21-1617713866-2789119093-1479812082-514) -> nogroup > > > > [root@server01 migration]# net3 groupmap add ntgroup="Power Users" unixgroup=sys > > type=d rid=1008 > > [2003/09/09 20:05:24, 0] passdb/pdb_ldap.c:ldapsam_add_group_mapping_entry(1911) > > Group 3 already exists in LDAP > > adding entry for group Power Users failed! > > > > It does not seem to like multiple ntgroups to single unix group > > Not quite! You can not have more than one NT Domain Group per UNIX Group. > But you can have more than on NT Local Group per UNIX group. > > Try: > > net groupmap add ntgroup="Flying Pigs" unixgroup=sys type=l > > net groupmap list > > > Here's my output: > ----------------- > frodo:~ # net groupmap modify ntgroup=Replicators unixgroup=sys > Updated mapping entry for Replicators > > frodo:~ # net groupmap list > System Operators (S-1-5-32-549) -> sys > Replicators (S-1-5-32-552) -> sys > Guests (S-1-5-32-546) -> nobody > Domain Users (S-1-5-21-1593769616-160655940-3590153233-513) -> users > Domain Admins (S-1-5-21-1593769616-160655940-3590153233-512) -> root > Domain Guests (S-1-5-21-1593769616-160655940-3590153233-514) -> nobody > Power Users (S-1-5-32-547) -> sys > Master (S-1-5-21-1593769616-160655940-3590153233-2345) -> master > Print Operators (S-1-5-32-550) -> lp > Administrators (S-1-5-32-544) -> root > Account Operators (S-1-5-32-548) -> root > Backup Operators (S-1-5-32-551) -> bin > Users (S-1-5-32-545) -> users > > - John T. > > > > > Many Thanks > > > > Godfrey > > [SNIP] > > > > > > Try: > > > > > > net groupmap add ntgroup="Power Users" unixgroup=sys type=d rid=1008 > > > > > > > > > > Can multiple ntgroups map to a single unix group? > > > > > > Yes. > > > > > > > > > - John T. > > > > > [SNIP] > > > > > > -- > John H Terpstra > Email: jht@samba.org