Hi, I have a CentOS 4.1 box at work running Samba 3 which I have added as a domain member to an existing Windows domain with a Windows PDC. The box running Samba has no local unix users and groups except for root and the other builtin accounts. All user authentication is done through pam_winbind and user information is handled by winbind. What I would like to do is have users that are members of the Windows domain's Unix Admin global group gain membership to the local unix wheel group when they log in via ssh to the Linux box. Preferably without needing to touch the /etc/groups file at all.

I've read chapters 11 and 12 of the Samba How-To and I tried the following on the domain member running Samba based on the How-To:

    net groupmap add ntgroup="Unix Admin" unixgroup=wheel

But when I ssh'ed in as my user who is a member of the Unix Admin group and ran `groups` I do not see myself as a member of the wheel group. I also can't alter files with wheel write permissions. After looking at the output of `net getdomainsid` and `net groupmap list` (by this time I had already deleted the Unix Admin -> wheel groupmap) I realized that the SIDs I see in the groupmap list correspond to the SID of the local machine and not the domain. I also see that Unix Admin is not even listed as a group when I check the groups on the machine.

    [EMAIL PROTECTED] ~]# net getdomainsid
    SID for domain PINKFLOYD is: S-1-5-21-3074351591-431869502-3764789074
    SID for domain MEDITECH is: S-1-5-21-1698397751-1239680928-390482200

    [EMAIL PROTECTED] ~]# net groupmap list
    System Operators (S-1-5-32-549) -> -1
    Domain Admins (S-1-5-21-3074351591-431869502-3764789074-512) -> -1
    Domain Guests (S-1-5-21-3074351591-431869502-3764789074-514) -> -1
    Domain Users (S-1-5-21-3074351591-431869502-3764789074-513) -> -1
    Replicators (S-1-5-32-552) -> -1
    Guests (S-1-5-32-546) -> -1
    Power Users (S-1-5-32-547) -> -1
    Print Operators (S-1-5-32-550) -> -1
    Administrators (S-1-5-32-544) -> -1
    Account Operators (S-1-5-32-548) -> -1
    Backup Operators (S-1-5-32-551) -> -1

My question is how should I be going about mapping my domain group members so they gain membership to a local Unix group while they're logged in? I've read the chapters in the How-To but I'm definitely missing something. I realize now that I can't simply groupmap "Unix Admin" to wheel so there must be some intermediate steps in between. Can someone point me in the right direction?

Thanks.
Tom

smb.conf:

    # Global parameters
    [global]
        workgroup = MEDITECH
        server string = Samba Server
        security = DOMAIN
        password server = meditech3
        log file = /var/log/samba/%m.log
        max log size = 50
        name resolve order = lmhosts wins bcast
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        printcap name = /etc/printcap
        os level = 0
        preferred master = No
        local master = No
        domain master = No
        dns proxy = No
        wins server = lb:172.30.48.2, canton:172.30.16.2
        idmap uid = 16777216-33554431
        idmap gid = 16777216-33554431
        template homedir = /home/%U
        template shell = /bin/bash
        winbind separator = +
        winbind use default domain = Yes
        cups options = raw

    [homes]
        comment = Home Directories
        read only = No
        browseable = No

    [printers]
        comment = All Printers
        path = /var/spool/samba
        printable = Yes
        browseable = No

    [public]
        comment = Public Stuff
        path = /var/samba/public
        write list = "@Domain Server Admin"
        guest ok = Yes

--
BSD# Project - Mono on FreeBSD
http://www.mono-project.com/Mono:FreeBSD
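
An added example, not part of the original post: a small Python check that attributes each `net groupmap list` entry to the domain whose SID it extends, using the two command outputs quoted in the message as input. The function names are hypothetical; on this input every non-builtin entry falls under the PINKFLOYD SID, none under MEDITECH, and every entry is unmapped (-1).

```python
import re

# Command output quoted in the post above (shell prompts removed).
GETDOMAINSID = """\
SID for domain PINKFLOYD is: S-1-5-21-3074351591-431869502-3764789074
SID for domain MEDITECH is: S-1-5-21-1698397751-1239680928-390482200
"""
GROUPMAP = """\
System Operators (S-1-5-32-549) -> -1
Domain Admins (S-1-5-21-3074351591-431869502-3764789074-512) -> -1
Domain Guests (S-1-5-21-3074351591-431869502-3764789074-514) -> -1
Domain Users (S-1-5-21-3074351591-431869502-3764789074-513) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Account Operators (S-1-5-32-548) -> -1
Backup Operators (S-1-5-32-551) -> -1
"""

SID_LINE = re.compile(r"^SID for domain (\S+) is: (S-[\d-]+)", re.M)
MAP_LINE = re.compile(r"^(.+?) \((S-[\d-]+)\) -> (.+)$", re.M)
BUILTIN_PREFIX = "S-1-5-32"  # well-known BUILTIN authority

def parse_domain_sids(text):
    """Map each domain SID in `net getdomainsid` output to its domain name."""
    return {sid: name for name, sid in SID_LINE.findall(text)}

def classify_groupmap(text, domain_sids):
    """Return (nt_group, authority, rid, unix_group) for each groupmap line."""
    rows = []
    for name, sid, unix in MAP_LINE.findall(text):
        prefix, _, rid = sid.rpartition("-")  # domain SID + trailing RID
        authority = "BUILTIN" if prefix == BUILTIN_PREFIX else domain_sids.get(prefix, "UNKNOWN")
        unix = unix.strip()
        rows.append((name, authority, int(rid), None if unix == "-1" else unix))
    return rows

def groups_in_domain(rows, domain):
    """NT group names whose SID was issued under the named domain."""
    return [name for name, authority, _, _ in rows if authority == domain]

if __name__ == "__main__":
    rows = classify_groupmap(GROUPMAP, parse_domain_sids(GETDOMAINSID))
    for row in rows:
        print("%-20s %-10s rid=%-4d unix=%s" % row)
    print("MEDITECH entries:", groups_in_domain(rows, "MEDITECH"))
```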