samba - May 2005 - Does or doesn't vampiring users add them into multiple groups at the same time?

Hi all,

The new NT migration chapter of Samba guide seems to indicate in the
migration Log Validation (section 9.3.1.1) that users get added to all the
same groups that they were in under the NT4 domain.  However I am not seeing
this despite having had a seemingly successful migration. All my users get
added into the Domain User group but not into any other group.  Is the text
below now wrong or right????

"

7. Q: After merging multiple NT4 Domains into a Samba-3 Domain, I lost all
multiple group
mappings. Why?
A: Samba-3 currently does not implement multiple group membership
internally. If you
use the Windows NT4 Domain User Manager to manage accounts and you have an
LDAP
backend, the multiple group membership is stored in the Posix groups area.
If you use
either tdbsam or smbpasswd backend, then multiple group membership is
handled through
the UNIX groups file. When you dump the user accounts no group account
information
is provided. When you edit (change) UIDs and GIDs in each file to which you
migrated
the NT4 Domain data, do not forget to edit the UNIX /etc/passwd and
/etc/group
information also. That is where the multiple group information is most
closely at your
fingertips.

"



Regards Geoff Scott

On Tuesday 10 May 2005 01:33, Geoff Scott wrote:
> Hi all,
>
> The new NT migration chapter of Samba guide seems to indicate in the
> migration Log Validation (section 9.3.1.1) that users get added to all the
> same groups that they were in under the NT4 domain.  However I am not
> seeing this despite having had a seemingly successful migration. All my
> users get added into the Domain User group but not into any other group. 
> Is the text below now wrong or right????
If you use version 3.0.12 or later, for most migrations the multi-group info 
should transfer OK. I am now aware that if the NT4 domain is post SP5 on some 
migrations multi-group info is not transferred and some account (both user 
and machine) password entries are not transferred either.

Maybe Andrew Bartlett will chime in on this?
> "
>
> 7. Q: After merging multiple NT4 Domains into a Samba-3 Domain, I lost all
> multiple group
> mappings. Why?
> A: Samba-3 currently does not implement multiple group membership
> internally. If you
> use the Windows NT4 Domain User Manager to manage accounts and you have an
> LDAP
> backend, the multiple group membership is stored in the Posix groups area.
> If you use
> either tdbsam or smbpasswd backend, then multiple group membership is
> handled through
> the UNIX groups file. When you dump the user accounts no group account
> information
> is provided. When you edit (change) UIDs and GIDs in each file to which you
> migrated
> the NT4 Domain data, do not forget to edit the UNIX /etc/passwd and
> /etc/group
> information also. That is where the multiple group information is most
> closely at your
> fingertips.
>
> "
Oops. That one needs updating. Thanks for pointing it out.

- John T.