Chris
2008-Aug-06 00:55 UTC
[Samba] Groups not showing in Win2K Control Panel "Users and Passwords"
Leopard Server 10.5.4, Samba Version 3.0.25b-apple I am attempting to do something similar to that described in the Samba HOWTO and Reference Guide on page 157 Section 11.4.3. I have configured an "Admins" group on the server and would like to tell the local workstation to treat users in that group as Administrators. This used to work. "net groupmap list" shows that the mapping is there, and the SID looks correct. When I check the user after logging into the Windows 2000 workstation with WHOAMI.EXE /GROUP the DOMAIN\Admins group is listed, but when I log in as the workstation's local administrator to map the group to Administrators, I select the domain, and I get a list of users which appears to be complete, but there are no groups. When I manually type in DOMAIN\Admins in the lower section, Windows says the group cannot be found. Is there a samba command I can execute on the server to get the same list of users and groups the workstation is asking for during this process? Any hints as to what needs to be set in samba to include groups in this list?
Rob Shinn
2008-Aug-06 12:21 UTC
[Samba] Groups not showing in Win2K Control Panel "Users and Passwords"
On Tue, August 5, 2008 8:54 pm, Chris wrote:> This used to work. > > "net groupmap list" shows that the mapping is there, and the SID looks > correct. > > When I check the user after logging into the Windows 2000 workstation > with WHOAMI.EXE /GROUP the DOMAIN\Admins group is listed, but when I > log in as the workstation's local administrator to map the group to > Administrators, I select the domain, and I get a list of users which > appears to be complete, but there are no groups. When I manually type > in DOMAIN\Admins in the lower section, Windows says the group cannot > be found.Have you tried re-joining the Windows 2000 workstation to the domain (i.e, take it out of the domain, and then join it to the domain again)? That seems to clear up weird problems with Windows 2000 for me. -- For a good laugh, call (202) 456-1414
Chris
2008-Aug-12 19:59 UTC
[Samba] Re: Groups not showing in Win2K Control Panel "Users and Passwords"
That gets me looking in the right direction. Thanks. I added the domadmins group as outlined and set SMBRID, but "net sam list groups" still shows no groups. I wonder what the opern directory criteria for a group to be listed there is. Can anyone do a: dscl -u [LDAP Node Admin] -P [LDAP Node Admin Password] / LDAPv3/127.0.0.1 -read /Groups/groupname for a leopard server group that DOES show up on the Windows client and compare it with this: # dscl -u odadmin -P xxxxx /LDAPv3/127.0.0.1 -read /Groups/domadmins dsAttrTypeNative:apple-generateduid: XXXXXXXX-XXXX-XXXX-XXXX- XXXXXXXXXXXX dsAttrTypeNative:cn: domadmins dsAttrTypeNative:gidNumber: 99 dsAttrTypeNative:objectClass: posixGroup apple-group extensibleObject top dsAttrTypeNative:rid: 512 AppleMetaNodeLocation: /LDAPv3/127.0.0.1 GeneratedUID: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX PasswordPlus: ******** PrimaryGroupID: 99 RecordName: domadmins RecordType: dsRecTypeStandard:Groups SMBRID: 512 Does "net sam list groups" show said group? On Aug 12, 2008, at 12:09 PM, William Strucke wrote:> Maybe not what you are looking for, but this is what I used: > > http://www.afp548.com/article.php?story=200608252114039 > > > > ws > > > On Aug 5, 2008, at 8:54 PM, Chris wrote: > >> Leopard Server 10.5.4, Samba Version 3.0.25b-apple >> >> I am attempting to do something similar to that described in the >> Samba HOWTO and Reference Guide on page 157 Section 11.4.3. I have >> configured an "Admins" group on the server and would like to tell >> the local workstation to treat users in that group as Administrators. >> >> This used to work in 10.4. >> >> When I check the user after logging into the Windows 2000 >> workstation with WHOAMI.EXE /GROUP the DOMAIN\Admins group is >> listed, but when I log in as the workstation's local administrator >> to map the group to Administrators, I select the domain, and I get >> a list of users which appears to be complete, but there are no >> groups. When I manually type in DOMAIN\Admins in the lower >> section, Windows says the group cannot be found. >> >> "net groupmap list" shows that the mapping is there, and the SID >> looks correct. >> >> "net sam list groups" does not list any groups. >> >> "net sam list users" shows the list of users I see in the Users and >> Passwords block. >> >> Any suggestions appreciated. >> _______________________________________________ >> Do not post admin requests to the list. They will be ignored. >> Macos-x-server mailing list (Macos-x-server@lists.apple.com) >> Help/Unsubscribe/Update your Subscription: >> http://lists.apple.com/mailman/options/macos-x-server/strucke.1%40osu.edu >> >> This email sent to strucke.1@osu.edu >