"Bradley W. Langhorst" wrote: > > I propose the following changes to smbgroupedit in HEAD > to keep others from getting burned as I did by a > subtle change of group type during a unix association > > I can't believe how long it took me to figure out why my > my groups weren't showing up.
Yes, the tools isn't the most intuitive - and that's *after* I allowed SIDs to be specified by name... > --- smbgroupedit.c Fri Aug 9 14:46:38 2002 > +++ /home/bitc_home/bwlang/devel/samba-3.0a/source/utils/smbgroupedit.c > Thu Aug 8 18:36:53 2002 > @@ -161,20 +161,18 @@ > * Allow changing of group type only between domain and local > * We disallow changing Builtin groups !!! (SID problem) > */ > - /* Since we're changing a group we should really keep the > - * old type unless the user explicitly specified a new type. > - * It is not possible to specify the UNKNOWN type > - */ > - if (sid_type != SID_NAME_UNKNOWN) { > - if (sid_type != SID_NAME_WKN_GRP) { > - if (map.sid_name_use !=SID_NAME_WKN_GRP) { > - map.sid_name_use=sid_type; > + if (sid_type==SID_NAME_ALIAS > + || sid_type==SID_NAME_DOM_GRP > + || sid_type==SID_NAME_UNKNOWN) { > + if (map.sid_name_use==SID_NAME_ALIAS > + || map.sid_name_use==SID_NAME_DOM_GRP > + || map.sid_name_use==SID_NAME_UNKNOWN) { > + map.sid_name_use=sid_type; > } else { > - printf("cannot change group type from builtin\n"); > + printf("cannot change group type to builtin\n"); > }; > - } else { > - printf("cannot change group type to builtin\n"); > - } > + } else { > + printf("cannot change group type from builtin\n"); > } Why not just do an explict test on type builtin then... > if (ntgroup!=NULL) > > and here's a reminder for the doc file > > --- > /home/bitc_home/bwlang/devel/samba-3.0a/docs/textdocs/GROUP-MAPPING-HOWTO.txt >Thu Aug 8 18:34:58 2002 > +++ docs/textdocs/GROUP-MAPPING-HOWTO.txt Fri Aug 9 15:04:47 2002 > @@ -58,3 +58,6 @@ > > smbgroupedit -v > > + > +Don't forget that you must set the type of any new groups to Domain for > them to show up in the NT user manager. > + smbgroupedit -c "group_name" -td > > here's an addition to dissociate groups > --- ../../samba-3.0a18/source/utils/smbgroupedit.c Fri Jun 7 > 10:33:33 2002 > +++ utils/smbgroupedit.c Fri Aug 9 15:27:49 2002 > > @@ -147,30 +149,37 @@ > > /* If a new Unix group is specified, check and change */ > if (group!=NULL) { > + if (strncmp(group,"-1", strlen(group)) == 0){ > + printf("Dissociating unix groups from ntgroup: %s\n", > map.nt_name); > + map.gid=-1; /*dissociate the unix group*/ Looks like a good idea - but we might to better to just have an option to 'disassociate'. > + } else { > gid=nametogid(group); > if (gid==-1) { > - printf("The UNIX group does not exist\n"); > + printf("The UNIX group: &s does not exist\n", > group); Did you actually compile this? That looks like an aperstand to me, not a % (percentage, format qualifier...). > return -1; > } else > map.gid=gid; > + } > } Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net