A non-text attachment was scrubbed... Name: not available Type: text Size: 264 bytes Desc: not available Url : http://lists.samba.org/archive/samba/attachments/19971229/1a98df4c/attachment.bat
Hallo all!! How can i add domain grous on samba PDC server? Andrew
Hi there, I'm using the latest HEAD-CVS with LDAP, but I cannot see the builtin Domain Grups (Domain Admins, Domain Users, etc) in the Win2000 security tab. Also via rpcclient I only get NT_STATUS_UNSUCCESSFUL when i call enumdomgroups or enumalsgroups. smbgroupedit would tell me everything was right, as I mapped those groups to unix-groups according to the manuals. btw: how are aliases treated/mapped in HEAD now? Another thing is, that when I add a domain user to an acl (via Win2000 security tab), it takes quite a while until the user is added, and I get: [2002/03/26 12:22:29, 0] rpc_server/srv_samr.c:api_samr_query_sec_obj(149) api_samr_query_sec_obj: unable to marshall SAMR_R_QUERY_SEC_OBJ. [2002/03/26 12:22:29, 0] rpc_server/srv_pipe.c:api_rpcTNP(1185) api_rpcTNP: api_samr_rpc: SAMR_QUERY_SEC_OBJECT failed. Thanks in advance Martin _____________________________________________ MPREIS Warenvertriebs GmbH DI Martin Hechenberger, EDV-Entwicklung Landesstrasse 16, A-6176 V?ls Tel.: +43(512) 300 808 Fax.: +43(512) 3131 808 EMail : Martin.Hechenberger@mpreis.at Web: www.mpreis.at _____________________________________________
What is TNG? I have the same problem on solaris with not seeing all the groups--in particular, Domain Users. David -----Original Message----- From: Andreas Strodl [mailto:andreas@strodl.org] Sent: Thursday, March 28, 2002 6:28 AM To: samba@lists.samba.org Subject: Re: [Samba] Domain Groups On Wed, Mar 27, 2002 at 10:00:28PM +1100, Andrew Bartlett wrote:> martin.hechenberger@mpreis.at wrote: > > > > Hi there, > > > > I'm using the latest HEAD-CVS with LDAP, but I cannot see the builtin > > Domain Grups (Domain Admins, Domain Users, etc) in the Win2000 security > > tab. > > > > Also via rpcclient I only get NT_STATUS_UNSUCCESSFUL when i call > > enumdomgroups or enumalsgroups. smbgroupedit would tell me everythingwas> > right, as I mapped those groups to unix-groups according to themanuals.> > > > btw: how are aliases treated/mapped in HEAD now? > > You need to use smbgroupedit to setup 'unix group mapping' for this to > work in HEAD. > > Andrew Bartlett > > -- > Andrew Bartlett abartlet@pcug.org.au > Manager, Authentication Subsystems, Samba Team abartlet@samba.org > Student Network Administrator, Hawker College abartlet@hawkerc.net > http://samba.org http://build.samba.org http://hawkerc.net > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/sambathe domain group mapping support in head cvs is buggy because when I browse the domain groups it get special characters and not all of the mapped groups. If you really want to use domain groups use tng. its the better solution at the moment... But the policy with domain groups works fine for me. greets Andreas Strodl -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
I have Samba acting as a PDC with Win 98, Win ME, and Win 2000 clients. I have shares on one of my Win 2000 clients that I would like to be able to manage permissions with using domain groups. For instance, I have logical groups for sales, recruiting, and staff. I have these groups defined on my Samba server and they work for Samba shares. Is there a way I can make these groups show up on my Win 2000 client when it queries the domain for users and groups when I'm setting permissions? Linus
Unfornunatly, you can't set permission on a domain group using Samba in Windows 2k/NT. You can always create a local group and add domain users in it. Yannick> -----Original Message----- > From: samba-admin@lists.samba.org [mailto:samba-admin@lists.samba.org]On > Behalf Of C. Linus Hicks > Sent: Wednesday, June 05, 2002 12:48 PM > To: samba@lists.samba.org > Subject: [Samba] Domain groups > > > I have Samba acting as a PDC with Win 98, Win ME, and Win 2000 clients. > I have shares on one of my Win 2000 clients that I would like to be able > to manage permissions with using domain groups. For instance, I have > logical groups for sales, recruiting, and staff. I have these groups > defined on my Samba server and they work for Samba shares. Is there a > way I can make these groups show up on my Win 2000 client when it > queries the domain for users and groups when I'm setting permissions? > > Linus > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba >
I have ACL's enabled and am getting a new error, in the Samba log (V 3.0.1Pre1, when attempting to set permissions on a file through Win2000: get_domain_user_groups: primary gid of user [terry] is not a Domain group ! get_domain_user_groups: You should fix it, NT doesn't like that Do I need to create a group on the windows(2000) side? The entries in the domaingroup.map don't do this? Please be verbose in answering. A couple of good example wouldn't hurt also. I have a domain group map: domain group map = /etc/samba/domaingroup.map Contents of this map are: domuser = "Domain User" domadmin = "Domain Admin" I have terry in /etc/group and passwd as such: /etc/passwd: terry:x:505:10000::/home/terry:/bin/bash /etc/group: domuser:x:10000:terry, phillipd Thanyou very much Doug P
On Mon, 20 Oct 2003, Douglas Phillipson wrote:> I have ACL's enabled and am getting a new error, in the Samba log (V > 3.0.1Pre1, when attempting to set permissions on a file through Win2000: > > get_domain_user_groups: primary gid of user [terry] is not a Domain > group ! > get_domain_user_groups: You should fix it, NT doesn't like thatThe primary UNIX group for each user must map to a Domain group. That's all it means.> Do I need to create a group on the windows(2000) side? The entries in > the domaingroup.map don't do this? Please be verbose in answering. A > couple of good example wouldn't hurt also. > > I have a domain group map: > > domain group map = /etc/samba/domaingroup.map > > Contents of this map are: > > domuser = "Domain User" > domadmin = "Domain Admin"This is NOT supported in Samba-3. Instead you need to use the 'net groupmap' facility to map UNIX groups to NT Groups. This is well documented in chapter 12 of the Samba-HOWTO-Collection.pdf. I presume you did read it? To map the UNIX domuser group to Domain Users: net groupmap modify ntgroup="Domain Users" unixgroup=domusers> I have terry in /etc/group and passwd as such: > > /etc/passwd: > > terry:x:505:10000::/home/terry:/bin/bash > > /etc/group: > > domuser:x:10000:terry, phillipdThese entries are Ok. - John T. -- John H Terpstra Email: jht@samba.org