On Fri, 26 Sep 2003, David van Geyn wrote: > Hi, > > Before Samba 3.0.0 RC4 I was running Samba 3.0.0 beta3, and when I > upgraded to RC4, I began having problems with group mappings. I didn't > notice at first, because on my laptop I don't normally log on to the > domain. I just noticed when I tried to use my desktop and log on to the > domain... I don't have Domain Admin privileges. > > So, I look at 'net groupmap list' ... and it shows the Domain Admins group > as mapped to the unix group domadm. Looks good, right? > > Domain Admins (S-1-5-21-3475858016-1413099138-3485012925-512) -> domadm > > Next I tried deleting that groupmap by using 'net groupmap delete > sid=S-1-5-21-347...........' Now the groupmap was deleted and now shows > this: > > Domain Admins (S-1-5-21-3475858016-1413099138-3485012925-512) -> -1 > > So now I try to re-add it: 'net groupmap add ntgroup="Domain Admins" > unixgroup=domadm' and list it again. > > Domain Admins (S-1-5-21-3475858016-1413099138-3485012925-512) -> -1 > Domain Admins (S-1-5-21-3475858016-1413099138-3485012925-2161) -> domadm > > Now there are two Domain Admin mappings, one null (-1) and the new one I > just created. As far as I know, that new one should have gone to the one > with RID of 512. I checked to be sure, but NT/2000 is definitely looking > for the old Domain Admins group with RID of 512, and the Samba PDF doc > says Domain Admins should have an RID of 512. > > So, I tried to add a groupmap with that SID specifically. > > net groupmap add sid=S-1-5-21-3475858016-1413099138-3485012925-512 > unixgroup=domadm
To change an existing entry: net groupmap modify ntgroup="Domain Admins" unixgroup=root To delete the spurious entry: net groupmap delete ntgroup="Domain Admins" unixgroup=domadm - John T. > > And I get this response: > > adding entry for group domadm failed! > > So then I try: > > net groupmap add sid=S-1-5-21-3475858016-1413099138-3485012925-512 > ntgroup="Domain Admins" unixgroup=domadm > > And get the same: > > adding entry for group Domain Admins failed! > > > ---- I have run out of ideas for getting my groupmap working, but it is > becoming very strange to log on to PC's and not have Domain Admin > privileges. Hopefully there is an easy fix for this. > > Anyone have any ideas? If you need any more information, please ask. > > Thanks in advance, > > David van Geyn > -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba