Hi, try it with the command:
net groupmap delete sid=S-1-5-21-2643210455-489482773-813538922-512
for the first bad Domain admin group. using the sid should do the trick. delete all mappings for Domain-groups not matching your samba-group, then use the
net groupmap modify
command to update the remaining group-mappings so they go to the correct unix-groups.
be aware that "net delete groupmap" is not equal to "net groupmap delete"... Christoph
Greg Andrews schrieb:
Howdy People,
Since my last posting things have definitely taken a turn for the worse
The XP clients cannot now even find the domain controller !!
my smb.conf file is
[global] log file = /var/log/samba/log.%m load printers = no name resolve order = wins bcast lmhosts host admin users = @admingrp socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 obey pam restrictions = Yes lm announce = True domain master = True username map = /etc/samba/user.map encrypt passwords = yes passwd program = /usr/bin/passwd %u wins support = true dns proxy = No netbios name = SAMBASERVER server string = sambaserver logon script = logon.bat unix password sync = yes workgroup = PINARC os level = 255 security = user preferred master = True max log size = 50 domain logons = Yes logon drive = h: logon home =\\%N\%U logon path = \\%N\profiles\%U add user script = /usr/sbin/useradd -d /dev/null -g 400 -s /bin/false -M /%u
[Profiles] comment = Profiles Directory path = /SYS/profiles read only = no create mask = 0600 directory mask = 0700 profile acls = yes writeable = yes
[netlogon] comment = For Administration Use path = /etc/samba/netlogon valid users = %U write list = @admingrp read only = no create mask = 0644
[homes] comment = %U home directory path = /SYS/home/%U valid users = %S read only = No create mask = 0600 browseable = No directory mask =0700 locking = no
[open] comment = Pinarc Readable Share path = /SYS/world/open read only = No create mask = 0664 directory mask = 0775 valid users = @mars
The logon script is being executed and the profiles are being written and updated.
How do you fix/delete/change the net groupmap list output. I think this may the root cause of my problems , but I just dont know the syntax to fix/delete/change it. I have searched google and the samba manual and they seem to tell you everything except how to delete/fix etc.
I have tried net delete groupmap ntgroup="Domain Admins" and whilst it says it has deleted this group in actually has done nothing.
Below is the output of net groupmap list and net getlocalsid
System Operators (S-1-5-32-549) -> -1 Domain Admins (S-1-5-21-2643210455-489482773-813538922-512) ->admingrp Domain Users (S-1-5-21-3314183342-3289294326-2282427927-513) -> mars Replicators (S-1-5-32-552) -> -1 interchange (S-1-5-21-3314183342-3289294326-2282427927-4001) -> inter Guests (S-1-5-32-546) -> -1 lukeman (S-1-5-21-3314183342-3289294326-2282427927-2803) -> madint Domain Admins (S-1-5-21-218202318-3803304894-1597324041-512) -> -1 Domain Users (S-1-5-21-2643210455-489482773-813538922-513) -> -1 Domain Guests (S-1-5-21-218202318-3803304894-1597324041-514) -> nogroup Power Users (S-1-5-32-547) -> -1 Domain Guests (S-1-5-21-2643210455-489482773-813538922-514) -> -1 Print Operators (S-1-5-32-550) -> -1 Administrators (S-1-5-32-544) -> -1 Domain Guests (S-1-5-21-3314183342-3289294326-2282427927-514) -> -1 Domain Admins (S-1-5-21-3314183342-3289294326-2282427927-512) -> -1 AccountOperators (S-1-5-32-548) -> -1 mad (S-1-5-21-3314183342-3289294326-2282427927-2801) -> mad Backup Operators (S-1-5-32-551) -> -1 Users (S-1-5-32-545) -> -1
SID for domain SAMBASERVER is: S-1-5-21-3314183342-3289294326-2282427927
Please help. Very desperate.
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba