I have yet to get group mapping to work in samba 3.0. Getting very frustrated. I'm using openldap 2.1.23 as the backend database for samba 3.0.0. I've added the base domain groups as posixAccounts to the LDAP database using smbldap-populate.pl. root@lnxsrvr2:/usr/local/etc/openldap# ldapsearch -xv -b "o=30greatneck,dc=home,dc=net" # Administrator, Users, 30GreatNeck, home.net dn: uid=Administrator,ou=Users,o=30GreatNeck,dc=home,dc=net cn: Administrator sn: Administrator objectClass: inetOrgPerson objectClass: sambaSAMAccount objectClass: posixAccount gidNumber: 512 uid: Administrator uidNumber: 998 homeDirectory: /accounts sambaPwdLastSet: 0 sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 0 sambaPwdMustChange: 2147483647 sambaHomePath: \\Lnxsrv2\accounts sambaHomeDrive: H: sambaProfilePath: \\Lnxsrv2\profiles\ sambaPrimaryGroupSID: S-1-5-21-739112995-4084651483-89095900-512 sambaLMPassword: XXX sambaNTPassword: XXX sambaAcctFlags: [U ] sambaSID: S-1-5-21-739112995-4084651483-89095900-2996 loginShell: /bin/false gecos: Netbios Domain Administrator # nobody, Users, 30GreatNeck, home.net dn: uid=nobody,ou=Users,o=30GreatNeck,dc=home,dc=net cn: nobody sn: nobody objectClass: inetOrgPerson objectClass: sambaSAMAccount objectClass: posixAccount gidNumber: 514 uid: nobody uidNumber: 999 homeDirectory: /dev/null sambaPwdLastSet: 0 sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 0 sambaPwdMustChange: 2147483647 sambaHomePath: \\Lnxsrv2\accounts sambaHomeDrive: H: sambaProfilePath: \\Lnxsrv2\profiles\ sambaPrimaryGroupSID: S-1-5-21-739112995-4084651483-89095900-514 sambaLMPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX sambaNTPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX sambaAcctFlags: [NU ] sambaSID: S-1-5-21-739112995-4084651483-89095900-2998 loginShell: /bin/false # Domain Admins, Groups, 30GreatNeck, home.net # Domain Admins, Groups, 30GreatNeck, home.net dn: cn=Domain Admins,ou=Groups,o=30GreatNeck,dc=home,dc=net objectClass: posixGroup gidNumber: 512 cn: Domain Admins memberUid: Administrator description: Netbios Domain Administrators (need smb.conf configuration) # Domain Users, Groups, 30GreatNeck, home.net dn: cn=Domain Users,ou=Groups,o=30GreatNeck,dc=home,dc=net objectClass: posixGroup gidNumber: 513 cn: Domain Users description: Netbios Domain Users (not implemented yet) memberUid: kent # Domain Guests, Groups, 30GreatNeck, home.net dn: cn=Domain Guests,ou=Groups,o=30GreatNeck,dc=home,dc=net objectClass: posixGroup gidNumber: 514 cn: Domain Guests description: Netbios Domain Guests Users (not implemented yet) # Administrators, Groups, 30GreatNeck, home.net dn: cn=Administrators,ou=Groups,o=30GreatNeck,dc=home,dc=net objectClass: posixGroup gidNumber: 544 cn: Administrators description: Netbios Domain Members can fully administer the computer/sambaDom ainName (not implemented yet) # Users, Groups, 30GreatNeck, home.net dn: cn=Users,ou=Groups,o=30GreatNeck,dc=home,dc=net objectClass: posixGroup gidNumber: 545 cn: Users description: Netbios Domain Ordinary users (not implemented yet) # Guests, Groups, 30GreatNeck, home.net dn: cn=Guests,ou=Groups,o=30GreatNeck,dc=home,dc=net objectClass: posixGroup gidNumber: 546 cn: Guests memberUid: nobody description: Netbios Domain Users granted guest access to the computer/sambaDo mainName (not implemented yet) # Power Users, Groups, 30GreatNeck, home.net dn: cn=Power Users,ou=Groups,o=30GreatNeck,dc=home,dc=net objectClass: posixGroup gidNumber: 547 cn: Power Users description: Netbios Domain Members can share directories and printers (not im plemented yet) # Account Operators, Groups, 30GreatNeck, home.net dn: cn=Account Operators,ou=Groups,o=30GreatNeck,dc=home,dc=net objectClass: posixGroup gidNumber: 548 cn: Account Operators description: Netbios Domain Users to manipulate users accounts (not implemente d yet) # Server Operators, Groups, 30GreatNeck, home.net dn: cn=Server Operators,ou=Groups,o=30GreatNeck,dc=home,dc=net objectClass: posixGroup gidNumber: 549 cn: Server Operators description: Netbios Domain Server Operators (need smb.conf configuration) # Print Operators, Groups, 30GreatNeck, home.net dn: cn=Print Operators,ou=Groups,o=30GreatNeck,dc=home,dc=net objectClass: posixGroup gidNumber: 550 cn: Print Operators description: Netbios Domain Print Operators (need smb.conf configuration) # Backup Operators, Groups, 30GreatNeck, home.net dn: cn=Backup Operators,ou=Groups,o=30GreatNeck,dc=home,dc=net objectClass: posixGroup gidNumber: 551 cn: Backup Operators description: Netbios Domain Members can bypass file security to back up files (not implemented yet) # Replicator, Groups, 30GreatNeck, home.net dn: cn=Replicator,ou=Groups,o=30GreatNeck,dc=home,dc=net objectClass: posixGroup gidNumber: 552 cn: Replicator description: Netbios Domain Supports file replication in a sambaDomainName (no t implemented yet) # Domain Computers, Groups, 30GreatNeck, home.net dn: cn=Domain Computers,ou=Groups,o=30GreatNeck,dc=home,dc=net objectClass: posixGroup gidNumber: 553 cn: Domain Computers description: Netbios Domain Computers accounts # 30GREATNECK, 30GreatNeck, home.net dn: sambaDomainName=30GREATNECK,o=30GreatNeck,dc=home,dc=net sambaDomainName: 30GREATNECK sambaSID: S-1-5-21-739112995-4084651483-89095900 sambaAlgorithmicRidBase: 1000 objectClass: sambaDomain /usr/local/src# /usr/local/samba/bin/net groupmap add ntgroup="Domain Admins" unixgroup=root rid=512 adding entry for group Domain Admins failed! /usr/local/samba/bin/net groupmap modify ntgroup="Domain Admins" unixgroup=root NT Group Domain Admins doesn't exist in mapping DB I also tryed the above I know I need to map Domain Admins to root users to be able to create machine accounts for W2k machines. What are some reasons for this to fail? I've read a great deal of documentation and everything I try fails. -- Kent L. Nasveschuk <kent@wareham.k12.ma.us>