samba - Jun 2005 - Group Problems

Hello all, I am having a some problems with groups.  If I use this
command "net rpc group list -Uroot%not24get" as the root users I get
an error.  "Could not connect to server 127.0.0.1
The username or password was not correct"

If I try to add groups I also get the same error.

and I don't know if this is relevent or not but when I try to join win
groups and Unix groups   via this command  " net groupmap add
ntgroup="Domain Admins" unixgroup=domadm"     I get this message.

"No rid or sid specified, choosing algorithmic mapping
Successully added group Domain Admins to the mapping db"

 and the group domadm is there.  If I try to use any of the user that
are in the domadm group, they don't have any admin rights.  I don't
think groupmaps are working at all.

Could someone point me in the right direction?

I am running CentOS with samba 3.0.9.


Here is a the output from a "net groupmap list"


-------------------------------------------------------------------------------------------------------------------

System Operators (S-1-5-32-549) -> -1
Domain Admins (S-1-5-21-4008386108-3466510086-266964780-512) -> -1
Domain Guests (S-1-5-21-4008386108-3466510086-266964780-514) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Admins (S-1-5-21-4008386108-3466510086-266964780-2053) -> domadm
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Account Operators (S-1-5-32-548) -> -1
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1
Domain Users (S-1-5-21-4008386108-3466510086-266964780-513) -> -1

----------------------------------------------------------------------------------------------------------------------



If any more info is need just ask, I will provide no prob.

Thanks all

You know, I hate to sound rather annoyed, but we got your first two  
postings of this exact same message.

Replies aren't instant. It takes time before people who can help you  
with your problem can get around to reading it under the deluge of  
messages that come flooding in.

On Jun 6, 2005, at 22.26, Dominic Iadicicco wrote:
> Hello all, I am having a some problems with groups.  If I use this
> command "net rpc group list -Uroot%not24get" as the root users I
get
> an error.  "Could not connect to server 127.0.0.1
                                           ^^^^^^^^^
Right there. 127.0.0.1 is ALWAYS the loopback for the computer you're  
on. Perhaps there's some kind of conflict occurring here because of  
that? Try connecting from a different computer.
> The username or password was not correct"
>
> If I try to add groups I also get the same error.
>
> and I don't know if this is relevent or not but when I try to join win
> groups and Unix groups   via this command  " net groupmap add
> ntgroup="Domain Admins" unixgroup=domadm"     I get this
message.
>
> "No rid or sid specified, choosing algorithmic mapping
> Successully added group Domain Admins to the mapping db"
>
>  and the group domadm is there.  If I try to use any of the user that
> are in the domadm group, they don't have any admin rights.  I don't
> think groupmaps are working at all.
>
> Could someone point me in the right direction?
>
> I am running CentOS with samba 3.0.9.
>
>
> Here is a the output from a "net groupmap list"
>
>
> ---------------------------------------------------------------------- 
> ---------------------------------------------
>
> System Operators (S-1-5-32-549) -> -1
> Domain Admins (S-1-5-21-4008386108-3466510086-266964780-512) -> -1
> Domain Guests (S-1-5-21-4008386108-3466510086-266964780-514) -> -1
> Replicators (S-1-5-32-552) -> -1
> Guests (S-1-5-32-546) -> -1
> Domain Admins (S-1-5-21-4008386108-3466510086-266964780-2053) ->  
> domadm
> Power Users (S-1-5-32-547) -> -1
> Print Operators (S-1-5-32-550) -> -1
> Administrators (S-1-5-32-544) -> -1
> Account Operators (S-1-5-32-548) -> -1
> Backup Operators (S-1-5-32-551) -> -1
> Users (S-1-5-32-545) -> -1
> Domain Users (S-1-5-21-4008386108-3466510086-266964780-513) -> -1
>
> ---------------------------------------------------------------------- 
> ------------------------------------------------
>
>
>
> If any more info is need just ask, I will provide no prob.
>
> Thanks all
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>

Do you have to have use ldap in order to use samba groups?

> > >
> > > If I try to add groups I also get the same error.
> > >
> > > and I don't know if this is relevent or not but when I try to
join win
> > > groups and Unix groups   via this command  " net groupmap
add
> > > ntgroup="Domain Admins" unixgroup=domadm"     I
get this message.
> > >
> > > "No rid or sid specified, choosing algorithmic mapping
> > > Successully added group Domain Admins to the mapping db"
> > >
> > >  and the group domadm is there.  If I try to use any of the user
that
> > > are in the domadm group, they don't have any admin rights.  I
don't
> > > think groupmaps are working at all.
> > >
> > > Could someone point me in the right direction?
> > >
> > > I am running CentOS with samba 3.0.9.
> > >
> > >
> > > Here is a the output from a "net groupmap list"
> > >
> > >
> > >
----------------------------------------------------------------------
> > > ---------------------------------------------
> > >
> > > System Operators (S-1-5-32-549) -> -1
> > > Domain Admins (S-1-5-21-4008386108-3466510086-266964780-512)
-> -1
> > > Domain Guests (S-1-5-21-4008386108-3466510086-266964780-514)
-> -1
> > > Replicators (S-1-5-32-552) -> -1
> > > Guests (S-1-5-32-546) -> -1
> > > Domain Admins (S-1-5-21-4008386108-3466510086-266964780-2053)
->
> > > domadm
> > > Power Users (S-1-5-32-547) -> -1
> > > Print Operators (S-1-5-32-550) -> -1
> > > Administrators (S-1-5-32-544) -> -1
> > > Account Operators (S-1-5-32-548) -> -1
> > > Backup Operators (S-1-5-32-551) -> -1
> > > Users (S-1-5-32-545) -> -1
> > > Domain Users (S-1-5-21-4008386108-3466510086-266964780-513) ->
-1
> > >
> > >
----------------------------------------------------------------------
> > > ------------------------------------------------
> > >
> > >
> > >
> > > If any more info is need just ask, I will provide no prob.
> > >
> > > Thanks all
> > > --
> > > To unsubscribe from this list go to the following URL and read
the
> > > instructions:  https://lists.samba.org/mailman/listinfo/samba
> > >
> >
> >
>

Ok let me ask this:
 
 
 Why after I create a group map of "Domain Admins" to my unixgroup
 "domadm" do I now have two entries listed for Domain Admins?
 
 
 one to -1 the other to my domadm unix group
 
---------------------------------------------------------------------

 System Operators (S-1-5-32-549) -> -1
> Domain Admins (S-1-5-21-4008386108-3466510086-266964780-512) -> -1
> Domain Guests (S-1-5-21-4008386108-3466510086-266964780-514) -> -1
> Replicators (S-1-5-32-552) -> -1
> Guests (S-1-5-32-546) -> -1
> Domain Admins (S-1-5-21-4008386108-3466510086-266964780-2091) -> domadm
> Power Users (S-1-5-32-547) -> -1
> Print Operators (S-1-5-32-550) -> -1
> Administrators (S-1-5-32-544) -> -1
> Account Operators (S-1-5-32-548) -> -1
> Backup Operators (S-1-5-32-551) -> -1
> Users (S-1-5-32-545) -> -1
> Domain Users (S-1-5-21-4008386108-3466510086-266964780-513) -> -1
>
----------------------------------------------------------------------------------------------------
>

Hi,

For specify Domain Admins grou mapping, you must use net groupmap with rid
parameter :
proto : net groupmap add {rid=int|sid=string} unixgroup=string
[type={domain|local}] [ntgroup=string] [comment=string]

ex : net groupmap add rid=512 unixgroup=domadm ntgroup="Domain Admins"


-----------------------------------
St?phane PURNELLE                         stephane.purnelle@corman.be
Service Informatique       Corman S.A.           Tel : 00 32 087/342467

samba-bounces+stephane.purnelle=corman.be@lists.samba.org a ?crit sur
07/06/2005 15:30:40 :
>  Ok let me ask this:
>
>
>  Why after I create a group map of "Domain Admins" to my
unixgroup
>  "domadm" do I now have two entries listed for Domain Admins?
>
>
>  one to -1 the other to my domadm unix group
>
> ---------------------------------------------------------------------
>
>  System Operators (S-1-5-32-549) -> -1
> > Domain Admins (S-1-5-21-4008386108-3466510086-266964780-512) -> -1
> > Domain Guests (S-1-5-21-4008386108-3466510086-266964780-514) -> -1
> > Replicators (S-1-5-32-552) -> -1
> > Guests (S-1-5-32-546) -> -1
> > Domain Admins (S-1-5-21-4008386108-3466510086-266964780-2091) ->
domadm
> > Power Users (S-1-5-32-547) -> -1
> > Print Operators (S-1-5-32-550) -> -1
> > Administrators (S-1-5-32-544) -> -1
> > Account Operators (S-1-5-32-548) -> -1
> > Backup Operators (S-1-5-32-551) -> -1
> > Users (S-1-5-32-545) -> -1
> > Domain Users (S-1-5-21-4008386108-3466510086-266964780-513) -> -1
> >
>
----------------------------------------------------------------------------------------------------
> >
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba

When I try this it fails:


[root@cybserver root]# net groupmap add rid=512 unixgroup=domadm
ntgroup="Domain Admins"
adding entry for group Domain Admins failed!
[root@cybserver root]#


I understand why my domain admin user dont have admin rights, because
they need to have an rid of 512, but I cant create that.

Maybe its a but in my distro?





On 6/7/05, spu@corman.be <spu@corman.be> wrote:
> 
> Hi,
> 
> For specify Domain Admins grou mapping, you must use net groupmap with rid
> parameter :
> proto : net groupmap add {rid=int|sid=string} unixgroup=string
> [type={domain|local}] [ntgroup=string] [comment=string]
> 
> ex : net groupmap add rid=512 unixgroup=domadm ntgroup="Domain
Admins"
> 
> 
> -----------------------------------
> St?phane PURNELLE                         stephane.purnelle@corman.be
> Service Informatique       Corman S.A.           Tel : 00 32 087/342467
> 
> samba-bounces+stephane.purnelle=corman.be@lists.samba.org a ?crit sur
> 07/06/2005 15:30:40 :
> 
> >  Ok let me ask this:
> >
> >
> >  Why after I create a group map of "Domain Admins" to my
unixgroup
> >  "domadm" do I now have two entries listed for Domain
Admins?
> >
> >
> >  one to -1 the other to my domadm unix group
> >
> > ---------------------------------------------------------------------
> >
> >  System Operators (S-1-5-32-549) -> -1
> > > Domain Admins (S-1-5-21-4008386108-3466510086-266964780-512)
-> -1
> > > Domain Guests (S-1-5-21-4008386108-3466510086-266964780-514)
-> -1
> > > Replicators (S-1-5-32-552) -> -1
> > > Guests (S-1-5-32-546) -> -1
> > > Domain Admins (S-1-5-21-4008386108-3466510086-266964780-2091)
-> domadm
> > > Power Users (S-1-5-32-547) -> -1
> > > Print Operators (S-1-5-32-550) -> -1
> > > Administrators (S-1-5-32-544) -> -1
> > > Account Operators (S-1-5-32-548) -> -1
> > > Backup Operators (S-1-5-32-551) -> -1
> > > Users (S-1-5-32-545) -> -1
> > > Domain Users (S-1-5-21-4008386108-3466510086-266964780-513) ->
-1
> > >
> >
>
----------------------------------------------------------------------------------------------------
> 
> > >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/listinfo/samba--
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>

That did the job, thank very much :)

Dom

On 6/7/05, John H Terpstra <jht@samba.org> wrote:
> On Tuesday 07 June 2005 07:51, Dominic Iadicicco wrote:
> > When I try this it fails:
> >
> >
> > [root@cybserver root]# net groupmap add rid=512 unixgroup=domadm
> > ntgroup="Domain Admins"
> > adding entry for group Domain Admins failed!
> > [root@cybserver root]#
> >
> >
> > I understand why my domain admin user dont have admin rights, because
> > they need to have an rid of 512, but I cant create that.
> >
> > Maybe its a but in my distro?
> 
> No. Samba auto-creates mappings for the "Domain Users",
"Domain Guests", and
> "Domain Admins" groups. You can only modify them.
> 
>         net groupmap modify ntgroup="Domain Admins"
unixgroup=ntadmins
> 
> - John T.
> 
> 
> >
> > On 6/7/05, spu@corman.be <spu@corman.be> wrote:
> > > Hi,
> > >
> > > For specify Domain Admins grou mapping, you must use net groupmap
with
> > > rid parameter :
> > > proto : net groupmap add {rid=int|sid=string} unixgroup=string
> > > [type={domain|local}] [ntgroup=string] [comment=string]
> > >
> > > ex : net groupmap add rid=512 unixgroup=domadm
ntgroup="Domain Admins"
> > >
> > >
> > > -----------------------------------
> > > St?phane PURNELLE                        
stephane.purnelle@corman.be
> > > Service Informatique       Corman S.A.           Tel : 00 32
087/342467
> > >
> > > samba-bounces+stephane.purnelle=corman.be@lists.samba.org a ?crit
sur
> > >
> > > 07/06/2005 15:30:40 :
> > > >  Ok let me ask this:
> > > >
> > > >
> > > >  Why after I create a group map of "Domain Admins"
to my unixgroup
> > > >  "domadm" do I now have two entries listed for
Domain Admins?
> > > >
> > > >
> > > >  one to -1 the other to my domadm unix group
> > > >
> > > >
---------------------------------------------------------------------
> > > >
> > > >  System Operators (S-1-5-32-549) -> -1
> > > >
> > > > > Domain Admins
(S-1-5-21-4008386108-3466510086-266964780-512) -> -1
> > > > > Domain Guests
(S-1-5-21-4008386108-3466510086-266964780-514) -> -1
> > > > > Replicators (S-1-5-32-552) -> -1
> > > > > Guests (S-1-5-32-546) -> -1
> > > > > Domain Admins
(S-1-5-21-4008386108-3466510086-266964780-2091) ->
> > > > > domadm Power Users (S-1-5-32-547) -> -1
> > > > > Print Operators (S-1-5-32-550) -> -1
> > > > > Administrators (S-1-5-32-544) -> -1
> > > > > Account Operators (S-1-5-32-548) -> -1
> > > > > Backup Operators (S-1-5-32-551) -> -1
> > > > > Users (S-1-5-32-545) -> -1
> > > > > Domain Users
(S-1-5-21-4008386108-3466510086-266964780-513) -> -1
> > >
> > >
-------------------------------------------------------------------------
> > >---------------------------
> > >
> > > > --
> > > > To unsubscribe from this list go to the following URL and
read the
> > > > instructions: 
https://lists.samba.org/mailman/listinfo/samba--
> > >
> > > To unsubscribe from this list go to the following URL and read
the
> > > instructions:  https://lists.samba.org/mailman/listinfo/samba
> 
> --
> John H Terpstra
> Samba-Team Member
> Phone: +1 (650) 580-8668
> 
> Author:
> The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
> Samba-3 by Example, ISBN: 0131472216
> Hardening Linux, ISBN: 0072254971
> Other books in production.
>