rolf@tysvernett.no
2005-Jun-06 21:52 UTC
[Samba] Problem listing group membership from Windows
I planned using ifmember.exe from Windows 2000 resource kit to map the right drive-mappings to the right shares with logon-scripts. Unfortunately it seems as ifmember simply doesnt report the right groups for the users. Even tho "id user1" shows the right groups; "uid=2082(user1) gid=1002(Group1)roups=1002(Group1),545(Users),1000(Group0)", User is a member of group Elev\users. User is a member of group \Everyone. User is a member of group BUILTIN\Users. User is a member of group NT AUTHORITY\INTERACTIVE. User is a member of group NT AUTHORITY\Authenticated Users. User is a member of group \LOCAL. As you can see, only the local groups and the domain group "users" is displayed. # net groupmap list Domain Admins (S-1-5-21-1650503604-3559415045-1985522256-512) -> Domain Admins Domain Users (S-1-5-21-1650503604-3559415045-1985522256-513) -> Domain Users Domain Guests (S-1-5-21-1650503604-3559415045-1985522256-514) -> Domain Guests Administrators (S-1-5-21-1650503604-3559415045-1985522256-544) -> Administrators users (S-1-5-21-1650503604-3559415045-1985522256-545) -> Users Guests (S-1-5-21-1650503604-3559415045-1985522256-546) -> Guests Power Users (S-1-5-21-1650503604-3559415045-1985522256-547) -> Power Users Account Operators (S-1-5-21-1650503604-3559415045-1985522256-548) -> Account Operators Server Operators (S-1-5-21-1650503604-3559415045-1985522256-549) -> Server Operators Print Operators (S-1-5-21-1650503604-3559415045-1985522256-550) -> Print Operators Backup Operators (S-1-5-21-1650503604-3559415045-1985522256-551) -> Backup Operators Replicator (S-1-5-21-1650503604-3559415045-1985522256-552) -> Replicator Domain Computers (S-1-5-21-1650503604-3559415045-1985522256-553) -> Domain Computers Group0 (S-1-5-21-1650503604-3559415045-1985522256-3001) -> Group0 Group1 (S-1-5-21-1650503604-3559415045-1985522256-3003) -> Group1 Group2 (S-1-5-21-1650503604-3559415045-1985522256-3005) -> Group2 Group3 (S-1-5-21-1650503604-3559415045-1985522256-3007) -> Group3 Group4 (S-1-5-21-1650503604-3559415045-1985522256-3009) -> Group4 Group5 (S-1-5-21-1650503604-3559415045-1985522256-3011) -> Group5 Group6 (S-1-5-21-1650503604-3559415045-1985522256-3013) -> Group6 Group7 (S-1-5-21-1650503604-3559415045-1985522256-3015) -> Group7 Group8 (S-1-5-21-1650503604-3559415045-1985522256-3017) -> Group8 Samba version 3.0.10-0.1-SUSE
rolf@tysvernett.no
2005-Jun-06 22:03 UTC
[Samba] Problem listing group membership from Windows
Siterer rolf@tysvernett.no:> > I planned using ifmember.exe from Windows 2000 resource kit to map the right > drive-mappings to the right shares with logon-scripts. Unfortunately it seems > as ifmember simply doesnt report the right groups for the users. > > Even tho "id user1" shows the right groups; > "uid=2082(user1) gid=1002(Group1)roups=1002(Group1),545(Users),1000(Group0)", > > User is a member of group Elev\users. > User is a member of group \Everyone. > User is a member of group BUILTIN\Users. > User is a member of group NT AUTHORITY\INTERACTIVE. > User is a member of group NT AUTHORITY\Authenticated Users. > User is a member of group \LOCAL. >[...] Additional info: add user script = ldapsmb -a -u "%u" delete user script = /ldap/deluser "%u" add group script = ldapsmb -a -g "%g" delete group script = ldapsmb -d -g "%g" add user to group script = ldapsmb -j -u "%u" -g "%g" delete user from group script = ldapsmb -j -u "%u" -g "%g" set primary group script = ldapsmb -m -u "%u" -gid "%g" This is a LDAP-setup with an remote LDAP-server. Are there any workaround when I can't use ifmember? I might use preexe to create a logon-script for each and every user, but that seems very cumbersome and hard-to-maintain. I'll buy you a beer if anyone can help me on this one :) Cheers Rolf