thr3ads.net - samba - Fwd: [Samba] Net groupmap list puzzler [Feb 2007]

If this information is useful, please help other people find it:
Share via:

"Daniel Müller"

2007-Feb-22 20:03 UTC

Fwd: [Samba] Net groupmap list puzzler

Hi,
I think at first you have to do a net groupmap add all the well known Groups.

System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Users (S-1-5-21-3732367786-856876144-3282938955-513) -> -1
Domain Admins (S-1-5-21-3732367786-856876144-3282938955-512) -> -1
Power Users (S-1-5-32-547) -> -1
Domain Guests (S-1-5-21-3732367786-856876144-3282938955-514) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Account Operators (S-1-5-32-548) -> -1
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1




This is my example working with suse

groupadd ntadmins
groupadd domusers
net groupmap add ntgroup=?Domain Admins? unixgroup=ntadmins rid=512 type=domain
net groupmap add ntgroup=?Domain Users? unixgroup=domusers rid=513 type=domain

This case go through all groups you need mapping the groups with the right rid.
after done this a net groupmap list must be shown this way:

Domain Users (S-1-5-21-3732367786-856876144-3282938955-513) -> domusers
Domain Admins (S-1-5-21-3732367786-856876144-3282938955-512) -> ntadmins
Domain Guests (S-1-5-21-3732367786-856876144-3282938955-514) -> nobody

To grant the rights to the group with the rid 512 "Domain Admins"
you gotta do a rpc right grant for this group and set in the global
of your smb.conf enable privileges=yes

greetings 
daniel
 


-------- Original-Nachricht --------
Datum: Tue, 20 Feb 2007 13:50:14 -0600
Von: "Craig Jackson" <CJackson@abbott-simses.com>
An: samba@lists.samba.org
CC: 
Betreff: [Samba] Net groupmap list puzzler

Hi Dudes,

I have a samba Version 3.0.23d that has successfully joined 
our Server 2003 ADS domain.
# wbinfo -u shows the users
# wbinfo -g shows the groups
And I can chown/grp directories to NT users & groups.
However, # net groupmap list only shows
Administrators (S-1-5-32-544) -> BUILTIN\administrators
Users (S-1-5-32-545) -> BUILTIN\users

So if I try to map groups, this is what happens.
# net groupmap modify ntgroup="Domain Admins" unixgroup=domadmins
# NT Group Domain Admins doesn't exist in mapping DB

One other problem. I get permission denied when I try to
Modify ACLs. The ext3 file system is mounted with acl and
nt acl support = yes is in the share section defined. 

Please help with a hint. I have Googled and read the Samba
Chapter 12/13 on the net command to no avail.

Thanks.
Craig
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

-- 
Der GMX SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen! 
Ideal f?r Modem und ISDN: http://www.gmx.net/de/go/smartsurfer

Possibly Parallel Threads

Search for more possibly parallel threads

samba - Feb 2007 - Fwd: Net groupmap list puzzler

Fwd: [Samba] Net groupmap list puzzler

Possibly Parallel Threads

Wisdom of the Ancients