As a suggestion, do not publish your SIDs on the web. If any of us
wanted to, we would be able to hack into your network quite easily.
Carlos
-----Original Message-----
From: samba-bounces+carlos=sinu.com@lists.samba.org
[mailto:samba-bounces+carlos=sinu.com@lists.samba.org] On Behalf Of
Gaiseric Vandal
Sent: Monday, May 21, 2007 1:59 PM
To: samba@lists.samba.org
Subject: [Samba] Samba 3.0.22 error with domain accounts
I have compiled Samba 3.0.22 on Solaris 10 (sparc.) It has been
configured as a PDC with a domain of, say, "SAMBADOMAIN." It has
some predefined group mappings for the Administrators and "Domain
Admins" group. These mappings were dropped in later versions of Samba.
(I have been working with 3.0.24 as well. Unfortunately it doesn't seem
to play nice with Sun's PC Netlink so I am hoping an older version
might.)
# net groupmap list
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Users (S-1-5-21-3994835435-1155125117-4257552229-513) -> -1
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
*Administrators (S-1-5-32-544) -> -1***
Domain Admins (S-1-5-21-1184431512-2651584230-490432928-512) -> -1
Domain Guests (S-1-5-21-1184431512-2651584230-490432928-514) -> -1
Account Operators (S-1-5-32-548) -> -1
Domain Users (S-1-5-21-1184431512-2651584230-490432928-513) -> -1
*Domain Admins (S-1-5-21-3994835435-1155125117-4257552229-512) -> -1***
Domain Guests (S-1-5-21-3994835435-1155125117-4257552229-514) -> -1
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1
There is no unix group with GID "-1" so I am not quite sure if I should
be explicitly changing the group mappings to match real groups. I do
have a unix group "administrators" defined, which includes the root and
administrator account (this was for version 3.0.24.)
I joined this machine to its own domain:
# net join SAMBADOMAIN -U root
I can list users from, or add users to, local groups
e.g.
#net rpc group ADDMEM "Administrators" root
#net rpc group ADDMEM "Administrators" administrator
but not with domain groups, whether predefined or not:
e.g.
# bin/net groupmap add ntgroup="Domain Admins" unixgroup=domadm rid=512 type=d
adding entry for group Domain Admins failed!
e.g.
#net groupmap add ntgroup="Engineering" unixgroup=engr rid=10300 type=d
Successfully added group Engineering to the mapping db
#/net rpc group members "engineering" :
[2007/05/18 14:42:08, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)
rpc_api_pipe: Remote machine 127.0.0.1 pipe \samr fnum 0x721ereturned
critical error. Error was Call returned zero bytes (EOF)
[2007/05/18 14:42:08, 0] libsmb/clientgen.c:cli_rpc_pipe_close(375)
cli_rpc_pipe_close: cli_close failed on pipe \samr, fnum 0x721e to
machine 127.0.0.1. Error was Call returned zero bytes (EOF)
I compiled the software on my linux workstation- but I get the same
errors when running the net command against the solaris samba server.
The solaris server is configured as an LDAP client.
So my questions are:
1 - What is causing the error (and how do I fix it)?
2 - Do I need to change the group mappings to match real unix group
GID's?
Thanks
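
One way to check `net groupmap list` output like the listing in the message above for entries mapped to -1 and for more than one domain SID in the same table, as an added example that is not part of the original thread. The sample SIDs are constructed, the function names are hypothetical, and reading `-1` as "no Unix group mapped" is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the format of `net groupmap list`; the SIDs are made up.
SAMPLE = """\
Administrators (S-1-5-32-544) -> -1
Domain Admins (S-1-5-21-1111111111-2222222222-3333333333-512) -> -1
Domain Users (S-1-5-21-1111111111-2222222222-3333333333-513) -> users
Domain Admins (S-1-5-21-4444444444-5555555555-6666666666-512) -> -1
Engineering (S-1-5-21-4444444444-5555555555-6666666666-10300) -> engr
"""

# One entry per line: "<NT group> (<SID>) -> <Unix group>"
ENTRY = re.compile(r"^(?P<name>.+?) \((?P<sid>S-1-[\d-]+)\) -> (?P<unix>\S+)$")

def parse_groupmap(text):
    """Return a list of (ntgroup, sid, unixgroup) tuples, one per output line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m["name"], m["sid"], m["unix"]))
    return entries

def unmapped(entries):
    """NT groups whose Unix side is -1 (assumed to mean no Unix group is mapped)."""
    return [(name, sid) for name, sid, unix in entries if unix == "-1"]

def domain_sids(entries):
    """Map each S-1-5-21 domain SID (the SID minus its final RID) to its groups."""
    domains = defaultdict(list)
    for name, sid, _unix in entries:
        if sid.startswith("S-1-5-21-"):          # S-1-5-32 is the shared BUILTIN domain
            domain, _, rid = sid.rpartition("-")
            domains[domain].append((name, int(rid)))
    return dict(domains)

def report(text):
    """Print unmapped groups and warn when several domain SIDs share one table."""
    entries = parse_groupmap(text)
    for name, sid in unmapped(entries):
        print(f"unmapped: {name} ({sid})")
    domains = domain_sids(entries)
    if len(domains) > 1:
        print(f"{len(domains)} different domain SIDs in one mapping table:")
        for domain, groups in domains.items():
            print(f"  {domain}: RIDs {sorted(rid for _, rid in groups)}")

if __name__ == "__main__":
    report(SAMPLE)
```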