similar to: winbind: how to map Windows groups to existing unix groups; limit windows group to unix groups

I am running 3.0.10-1.4E on RHEL4. The machine is a ADS member server. I would like to statically map the ADS group "Domain Admins" to the built in "wheel" group so all members of "Domain Admins" are in the "wheel" group. I have looked at the username map option, but I don't want a group of users mapped to a UID (this would defeat what I am trying to

Hi, I'm running samba 3.0.2a as a windows domain MEMBER, security=ADS. Just installed winbind last week it it looks great. However I would like to have winbind 'map' some windows groups (e.g. "Domain Users") to existing unix groups (e.g. "users"). First I thought net groupmap could be used to achieve this but this tool seems only intended to map unix groups to

Hi All, I am using samba-common-3.0.10-1.4E.9 on a RHEL4_U4 x86 machine. The ADS server is WS03 sp1 running in Windows Server 2003 interim mode. In general thing are working well. However, when winbind caching is enabled (default), group membership does not appear to update, i.e. "wbinfo -r bob" and "groups bob" don't reflect changes in ADS group membership.

Hello! passwd, shadow and group looks as follows in nsswitch.conf: passwd: files winbind shadow: files group: files group What really confuses me is that when my AD server is up and running, root or any local user logs in with no problem. And even when AD server is down, after trying a zillion times, root and other local users login, and then if I log them out and try again a few minutes

I have a unix group that owns some files on a share, and I'd like to set up a group mapping so that an Active directory group (with an exising mapping in winbind from earlier use) gets access to these files via a mapping. I've been fooling around with net groupmap add, and haven't been able to get this set up. The group Domain Users has an existing mapping to gid 10004, which winbind

On our campus, we have an AD forest. Our particular department has a number of samba servers that authenticate to one tree of that AD forest. All of our users have accounts in LDAP for unix and AD for windows. We don't want/need winbind for authentication. However, we would like the ability of setting ACLs on the samba server from windows clients. So, I assume I need a mapping of unix

Hi again, This is a follow up to a previous e-mail, but no luck so I have done some more digging. I don't understand why it is so difficult to map between a existing user on a Windows Server (SID) and an existing user on a Unix/Solaris (UID) user, since all information is available? unix# /usr/local/samba/bin/wbinfo -n andrew S-1-5-21-1984182827-583073959-8547516-2056 User (1) unix# tail

I have had a few replies and it looks that I am on a no win solution. I either set up LDAP and delete local UID on our UNIX boxes and let samba convert SID to UID, or just leave thinks as they are. I still don't under stand why it is so difficult to do what I want when all the information seems to be at hand. 1) User changes security of a file on a samba share to allow DCSNT\andrew access.

Centos samba version is 3.0.10 which is the package that comes with the disto - is the only way to upgrade to the latest samba 3.0.24 is to recompile the samba source? I have tried "yum update samba" however it says 3.0.10 is the latest so i downloaded 3.0.24 and tried rpm -Uvh or yum localinstall but i get the following dependency errors to # yum install

Rowland said: >> Is there a set of settings to restore the mapping of AD users to pre-existing Unix Users? >No >> >> Does the official Samba distributed project source continue to support AD Users mapping to pre-existing Unix Users? >I do not think it ever did. I found this reference quickly from google describing the previous behavior. Winbind was always optional

Hello. After fresh install. Samba and ldap seems to run normally ( I can join win2k workstation to linux samba pdc ). Using yast I create a system group named domadmin But I am unable to map "Domain Admins" to domadmin I am unable to map "Domain Admins" to existing ntadmin group I am unable to mofify mapping "Domain Admins" to domadmin group Thank you for

Hello, I have search this list and the HOW TO's, but can't find the answer! We have all our users on both Windows (ADS) and Solaris (NIS), but I can not configure samba shares so Windows Users can modify the security settings on there files, so that other people can look/edit there files.... If I don't fix this problem soon we will end up with a Windows file-server as well as a

What are the implications of locking the ntuser.dat file on the user's server profile? That is, if I make the ntuser.dat file read-only, what affects will that have on the client?

There was a thread in the past, i know, but i have not found any solution: I have a domain member server Samba 3.0.23c and an AD witch manage the users. Always a user tries to add permissions for an other user I got the error in log.smb create_canon_ace_lists: unable to map SID S-1-5-21-3120594657-2306910035-793260449-1128 to uid or gid. Which means that the Windows SID is not able to map to

On 04/06/2020 21:22, Bivans, Crispin via samba wrote: > Rowland said: >>> Can you point me to a Release Changes note that says explicitly that Winbind is now required or that mapping of AD users to local unix accounts has been removed? >>> >>> Crispin >> Yes, see here: >>

Hello, Is it possible to map several unix groups to a single Windows group SID? We have several department groups we want to include in Domain Users, but not single unix group for all users. Thanks, Scott Hanson

Rowland said: >> Can you point me to a Release Changes note that says explicitly that Winbind is now required or that mapping of AD users to local unix accounts has been removed? >> >> Crispin >Yes, see here: > https://wiki.samba.org/index.php/Samba_4.8_Features_added/changed#Domain_member_setups_require_winbindd > >Samba did a lot of things back in the NT4-style

Hi all, Now that I've got Samba 2.2.12 running correctly on that HP-UX box, I need to allow write access to a given AD domain group. What is the right way to do it on Samba 2.2? I added a group.map file in smb.conf, and a line inside that said: unixgroup = "AD Domain Group" Then in smb.conf, I put in [global]: groupname map = /etc/opt/samba/group.map And in the correct

Hi, Is there any way that I can map window AD admin-user to Linux root user (uid=gid=0) ? I noticed that windows Active-Directory users can use "idmap [uid-range]" to map to Linux users, but the idmap uid-range doesn't include '0'. e.g. idmap uid = 10000-20000 idmap gid = 10000-20000 Thanks! YY Yanping Du Software Engineer, Cisco Systems 820 Alder Dr.

samba 3.0.7, freebsd 5.2.1 My /usr/local/etc/samba-user.map looks like root = DEV.grahamd I would like to modify the ACLs on a directory that look like so: drwxrwx--- 2 root Domain Admins 512 Oct 28 16:41 test2/ (if I chown the directory to my DEV.grahamd account, I can change ACLs to my heart's content) I'm operating under the assumption that only root, or the owner of a file