On Tue, 2004-03-16 at 01:34, Matthias Eichler wrote:
> Hi Craig,
>
> On Mon, 2004-03-15 at 21:18, Craig White wrote:
>
> > > Do I understand winbindd right in that way that I do not
> > > need winbindd at all in this setup?
> > ---
> > I would agree with that
>
> That sounds good to me and my logic...:-)
>
> > > If no, why do I get map errors in the log that
> > > SIDs can't be mapped to gid or uid?
> > > (net groupmap list just shows -1 entries,
> > > manual groupmaps can't be inserted => error)
> > ---
> > net groupmap list (would have been nice to see that)
>
> on the pdc:
> ---cut---
> pfoertner:~# net groupmap list
> Domain Admins (S-1-5-21-2443489570-4015384086-1858331161-512) -> root
> Domain Users (S-1-5-21-2443489570-4015384086-1858331161-513) -> users
> Domain Guests (S-1-5-21-2443489570-4015384086-1858331161-514) -> nogroup
> Technik (S-1-5-21-2443489570-4015384086-1858331161-3005) -> technik
> Vorstand (S-1-5-21-2443489570-4015384086-1858331161-3003) -> vorstand
> Buchhaltung (S-1-5-21-2443489570-4015384086-1858331161-3009) ->
> buchhaltung
> Marketing (S-1-5-21-2443489570-4015384086-1858331161-3007) -> marketing
> Verwaltung (S-1-5-21-2443489570-4015384086-1858331161-3001) ->
> verwaltung
> ---cut---
>
> on the member server:
> ---cut---
> fileserver:~# net groupmap list
> System Operators (S-1-5-32-549) -> -1
> Replicators (S-1-5-32-552) -> -1
> Guests (S-1-5-32-546) -> -1
> Power Users (S-1-5-32-547) -> -1
> Domain Admins (S-1-5-21-243015202-3338874213-4097231961-512) -> -1
> Print Operators (S-1-5-32-550) -> -1
> Administrators (S-1-5-32-544) -> -1
> Domain Guests (S-1-5-21-243015202-3338874213-4097231961-514) -> -1
> Domain Users (S-1-5-21-243015202-3338874213-4097231961-513) -> -1
> Account Operators (S-1-5-32-548) -> -1
> Backup Operators (S-1-5-32-551) -> -1
> Users (S-1-5-32-545) -> -1
> ---cut---
>
> > net groupmap modify sid=S-1-5-AND-SO-ON ntgroup="Domain Users"
> > unixgroup=valid_unix_group type=domain
> > if groupmap exists for ntgroup, you either must delete it and
> > then add it or modify it.
>
> OK, maybe this was what I was misunderstanding:
> I thought that with security=DOMAIN the groupmaps
> should be some kind of resolved between PDC and
> the members server or at least with groupmap = -1
> I have to create them which didn't work.
---
Actually, I think that on 'member' servers, you should use security =
domain AND winbind to resolve all the samba groups from the PDC

Craig
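
Added example (not part of the original thread, and not Samba code): a small Python check over the two `net groupmap list` outputs quoted above. It lists the groups still mapped to -1 and the groups whose domain SID differs between the two hosts; the sample text is a shortened copy of the listings in the mail with wrapped lines rejoined, and all function names are made up for this example.

```python
import re

# Constructed sample input: shortened copies of the two listings quoted in the mail.
PDC = """\
Domain Admins (S-1-5-21-2443489570-4015384086-1858331161-512) -> root
Domain Users (S-1-5-21-2443489570-4015384086-1858331161-513) -> users
Domain Guests (S-1-5-21-2443489570-4015384086-1858331161-514) -> nogroup
Technik (S-1-5-21-2443489570-4015384086-1858331161-3005) -> technik
"""
MEMBER = """\
System Operators (S-1-5-32-549) -> -1
Domain Admins (S-1-5-21-243015202-3338874213-4097231961-512) -> -1
Domain Users (S-1-5-21-243015202-3338874213-4097231961-513) -> -1
Users (S-1-5-32-545) -> -1
"""

# One entry per line: NT group name, SID in parentheses, Unix group after "->".
LINE = re.compile(r"^(?P<nt>.+?) \((?P<sid>S-1-[\d-]+)\) -> (?P<unix>.*)$")

def parse(text):
    """Return {ntgroup: (sid, unixgroup)} from `net groupmap list` output."""
    out = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            out[m["nt"]] = (m["sid"], m["unix"].strip())
    return out

def unmapped(groups):
    """NT groups whose Unix side is -1, i.e. no Unix group is mapped."""
    return sorted(nt for nt, (_, unix) in groups.items() if unix == "-1")

def domain_sid(sid):
    """Domain part of an S-1-5-21-... SID (RID stripped); None for builtin SIDs."""
    return sid.rsplit("-", 1)[0] if sid.startswith("S-1-5-21-") else None

def sid_mismatches(a, b):
    """Groups listed on both hosts whose domain SID prefix differs."""
    return sorted(nt for nt in a.keys() & b.keys()
                  if domain_sid(a[nt][0]) != domain_sid(b[nt][0]))

if __name__ == "__main__":
    pdc, member = parse(PDC), parse(MEMBER)
    print("unmapped on member:", unmapped(member))
    print("domain SID differs:", sid_mismatches(pdc, member))
```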