Hi All,

Just a general question about groups. I am upgrading a Samba workgroup server to a PDC. I have been reading:

http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/groupmapping.html#id2589321

In this link, they tell of how to map a Windows group to a Samba group:

net groupmap add ntgroup="Domain Admins" unixgroup=domadm rid=512 type=d

Question 1: if my previous /etc/group names already match the ntgroup names, do I still need to run the above command?

Question 2: once I have mapped these groups, where are they stored, so I can back them up?

Many thanks,
-T

> net groupmap add ntgroup="Domain Admins" unixgroup=domadm rid=512 type=d
>
> Question 1: if my previous /etc/group names already match the
> ntgroup names, do I still need to run the above command?

Yes.

> Question 2: once I have mapped these groups, where are they
> stored, so I can back them up?

From a table in "Chapter 41. Managing TDB Files" of the "Samba-HOWTO-Collection" you just quoted:

http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/msdfs.html

"group_mapping.tdb: Stores group mapping information. Preserve?=Yes. Not used when using LDAP backend."

So, if you use LDAP, back up the LDAP database or export it to an LDIF file and keep the file. If you are using tdbsam as a backend, look into /var/lib/samba (at least in a Red Hat system) and back up the "group_mapping.tdb" file.

Most of all, do your homework. Please note that you can download the following books in PDF format and use the search function.

Samba 3 By Example
Samba 3 HOWTO

They are included with Samba.

Miguel Medalha wrote:
>> net groupmap add ntgroup="Domain Admins" unixgroup=domadm rid=512 type=d
>>
>> Question 1: if my previous /etc/group names already match the
>> ntgroup names, do I still need to run the above command?
>
> Yes.

Okay, now I am really confused. I have three users in my PDC that exist nowhere else. In /etc/groups they are assigned to "users" (100). My smb.conf restricts users to group "users". These three users are able to use my shares.

Why does this work? I thought "net groupmap add" was only to be used when names differed?

What am I missing?

-T

Peter Ulrich Kruppa wrote:
> On Saturday, 09.05.2009, 13:00 -0700, MargoAndTodd wrote:
>> Miguel Medalha wrote:
>>>> net groupmap add ntgroup="Domain Admins" unixgroup=domadm rid=512 type=d
>>>>
>>>> Question 1: if my previous /etc/group names already match the
>>>> ntgroup names, do I still need to run the above command?
>>>
>>> Yes.
>>
>> Okay, now I am really confused. I have three users in my
>> PDC that exist nowhere else. In /etc/groups they are
>> assigned to "users" (100). My smb.conf restricts users
>> to group "users". These three users are able to use my
>> shares.
> Sorry, perhaps my answer wasn't clear enough:
> Samba's user/group database is completely separate from your unix
> user/group system.
> So all samba groups have to be mapped to unix groups.
> You have to check your system of permissions carefully, since samba
> can't allow things that are forbidden to unix users.
>
> Greetings,
>
> Uli.

Hi Uli,

Is this a difference between workgroup samba and pdc SAMBA? I have a workgroup Samba customer with about 15 /etc/groups controlling who sees what. Works perfectly.

Confused,
-T
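
An added example, not part of the original thread: a Python check that compares the mapping table with the Unix group database, illustrating the replies' point that a matching name in /etc/group does not create a mapping. It assumes the "NT group (SID) -> unix group" line format printed by `net groupmap list`; the sample data, the SIDs, RID 1201 and all function names are constructed for illustration.

```python
import re

# Constructed `net groupmap list` output; the SIDs and RID 1201 are made up.
GROUPMAP_LIST = """\
Domain Admins (S-1-5-21-1111111111-2222222222-3333333333-512) -> domadm
Domain Users (S-1-5-21-1111111111-2222222222-3333333333-513) -> users
Accounting (S-1-5-21-1111111111-2222222222-3333333333-1201) -> acct
"""
# Constructed /etc/group excerpt.
ETC_GROUP = """\
users:x:100:alice,bob,carol
domadm:x:1001:alice
accounting:x:1002:bob
"""

MAP_LINE = re.compile(r"^(?P<nt>.+) \((?P<sid>S-[0-9-]+)\) -> (?P<unix>.+)$")

def parse_groupmap(text):
    """Parse 'NT group (SID) -> unix group' lines into dicts."""
    mappings = []
    for line in text.splitlines():
        m = MAP_LINE.match(line.strip())
        if m:
            rid = int(m["sid"].rsplit("-", 1)[1])  # RID is the last SID component
            mappings.append({"nt": m["nt"], "rid": rid, "unix": m["unix"].strip()})
    return mappings

def parse_etc_group(text):
    """Return {group name: [supplementary members]} from /etc/group text."""
    groups = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 4 and not line.startswith("#"):
            groups[fields[0]] = [u for u in fields[3].split(",") if u]
    return groups

def audit(groupmap_text, group_text):
    """Compare the Samba mapping table against the Unix group database."""
    mappings, groups = parse_groupmap(groupmap_text), parse_etc_group(group_text)
    mapped = {m["unix"] for m in mappings}
    return {
        # Unix groups with no mapping entry, whatever they are called.
        "unmapped_unix_groups": sorted(set(groups) - mapped),
        # Mappings whose Unix group does not exist.
        "dangling_mappings": sorted(m["nt"] for m in mappings if m["unix"] not in groups),
        # Supplementary members of the group holding RID 512 (Domain Admins);
        # users with it as primary group in /etc/passwd are not counted here.
        "rid_512_members": sorted(u for m in mappings if m["rid"] == 512 for u in groups.get(m["unix"], [])),
    }
```

On a live server the two inputs would come from `net groupmap list` and `getent group`; run the check before and after restoring a backed-up group_mapping.tdb to confirm the table came back intact.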