Should I delete them first? net groupmap list Domain Admins (S-1-5-21-3186189368-1246494298-1334198317-512) -> Domain Admins #NOTE - listed only one for clarity# # net groupmap modify sid=S-1-5-21-3186189368-1246494298-1334198317-512 unixgroup=root type=domain [2003/12/21 20:05:22, 0] passdb/pdb_ldap.c:ldapsam_update_group_mapping_entry(1954) ldapsam_update_group_mapping_entry: No group to modify! Could not update group database --- oh - ldif records from ldapsearch... # Domain Users, Groups, Mullen, US dn: cn=Domain Users,ou=Groups,o=Mullen,c=US objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 513 cn: Domain Users description: Netbios Domain Users sambaSID: S-1-5-21-3186189368-1246494298-1334198317-513 sambaGroupType: 2 displayName: Domain Users # root, Group, Mullen, US dn: cn=root,ou=Group,o=Mullen,c=US objectClass: posixGroup objectClass: top cn: root gidNumber: 0 It's making me crazy. Craig
Craig White wrote:> Should I delete them first? > > net groupmap list > Domain Admins (S-1-5-21-3186189368-1246494298-1334198317-512) -> Domain > Admins #NOTE - listed only one for clarity# > > # net groupmap modify sid=S-1-5-21-3186189368-1246494298-1334198317-512 > unixgroup=root type=domain > [2003/12/21 20:05:22, 0] > passdb/pdb_ldap.c:ldapsam_update_group_mapping_entry(1954) > ldapsam_update_group_mapping_entry: No group to modify! > Could not update group databaseHave you tried using 'ntgroup' instead of 'sid' such as 'net groupmap modify ntgroup="Domain Admins" unixgroup=root type=domain'? -- Andrew Gaffney
On Mon, 2003-12-22 at 07:46, St?phane Purnelle wrote:> dn: cn=Domain Users,ou=Groups,o=Mullen,c=US > objectClass: posixGroup > objectClass: sambaGroupMapping > gidNumber: 513 > cn: Domain Users > description: Netbios Domain Users > sambaSID: S-1-5-21-3186189368-1246494298-1334198317-513 > sambaGroupType: 2 > displayName: Domain Users > > dn: cn=root,ou=Group,o=Mullen,c=US > objectClass: posixGroup > objectClass: top > cn: root > gidNumber: 0 > > I see in this desciption that root is in sub-tree ou=Group and Domain Users is in sub-tree ou=Groups, it's normal or not ?---- Yes, that is how I thought it was supposed to work. Thus all of the group info migrated from /etc/group went into ou=Group and all of the group info migrated from smbldap-populate.pl and hence-forth via LDAP assignments went into ou=Groups No? Craig