> -----Messaggio originale----- > Da: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > conto di John H Terpstra > Inviato: mercoledì 2 maggio 2007 14.56 > A: samba@lists.samba.org > Oggetto: Re: R: [Samba] duplicate group in NET GROUPMAP LIST > > > On Wednesday 02 May 2007 07:40, Gianluca Culot wrote: > > ... > > > > the strange fact is the Domain Users appear to have a TWO sids > > > > Domain Users (S-1-5-21-531635747-2076120898-3807014553-2801) > > > > Domain Users (S-1-5-21-531635747-2076120898-3807014553-513) > > > > > > > > The first appear to be correctly mapped to the local users group > > > > the latter has no mapping (-1) > > > > > > > > that's to me appeares really odd.... > > > > > > > > Can somebody explain me this old fact ? > > > > > > > > My actual Samba server (with smtp, pop3, wibind, sshd, > apache21) works > > > > perefctly and every user can authenticate correctly on every > > > > > > service with > > > > > > > his/her own AD domain user and password > > > > > > > > Any Hint? > > > > PLEASE !?! > > > > > > Execute > > > net groupmap cleanup > > > > > > then reset your mappings. > > > > > > - John T. > > > -- > > > To unsubscribe from this list go to the following URL and read the > > > instructions: https://lists.samba.org/mailman/listinfo/samba > > > > Looks loke > > net groupmap cleanup > > has no effect on my system > > > > here is the copy of action from my terminal > > > > mail# /home > net groupmap delete ntgroup="domain users" > > Sucessfully removed domain users from the mapping db > > > > mail# /home > net groupmap list > > System Operators (S-1-5-32-549) -> -1 > > Domain Guests (S-1-5-21-531635747-2076120898-3807014553-514) -> -1 > > Replicators (S-1-5-32-552) -> -1 > > Guests (S-1-5-32-546) -> -1 > > BUILTIN (S-1-5-21-531635747-2076120898-3807014553-2001) -> 500 > > Domain Guests (S-1-5-21-531635747-2076120898-3807014553-132069) > -> nobody > > Power Users (S-1-5-32-547) -> -1 > > Print Operators (S-1-5-32-550) -> -1 > > Administrators (S-1-5-32-544) -> -1 > > Account Operators (S-1-5-32-548) -> -1 > > Domain Users (S-1-5-21-531635747-2076120898-3807014553-3001) -> 1000 > > Domain Admins (S-1-5-21-531635747-2076120898-3807014553-1001) -> wheel > > Backup Operators (S-1-5-32-551) -> -1 > > Users (S-1-5-32-545) -> -1 > > Domain Users (S-1-5-21-531635747-2076120898-3807014553-513) -> -1 > > Domain Admins (S-1-5-21-531635747-2076120898-3807014553-512) -> -1 > > > > mail# /home > net groupmap cleanup > > Group Domain Guests is not mapped > > Group Domain Users is not mapped > > Group Domain Admins is not mapped > > > > mail# /home > net groupmap add ntgroup="Domain Users" unixgroup="users" > > type=b > > No rid or sid specified, choosing algorithmic mapping > > Successfully added group Domain Users to the mapping db > > > > mail# /home > net groupmap list > > System Operators (S-1-5-32-549) -> -1 > > Domain Guests (S-1-5-21-531635747-2076120898-3807014553-514) -> -1 > > Replicators (S-1-5-32-552) -> -1 > > Domain Users (S-1-5-21-531635747-2076120898-3807014553-2801) -> users > > Guests (S-1-5-32-546) -> -1 > > BUILTIN (S-1-5-21-531635747-2076120898-3807014553-2001) -> 500 > > Domain Guests (S-1-5-21-531635747-2076120898-3807014553-132069) > -> nobody > > Power Users (S-1-5-32-547) -> -1 > > Print Operators (S-1-5-32-550) -> -1 > > Administrators (S-1-5-32-544) -> -1 > > Account Operators (S-1-5-32-548) -> -1 > > Domain Users (S-1-5-21-531635747-2076120898-3807014553-3001) -> 1000 > > Domain Admins (S-1-5-21-531635747-2076120898-3807014553-1001) -> wheel > > Backup Operators (S-1-5-32-551) -> -1 > > Users (S-1-5-32-545) -> -1 > > Domain Users (S-1-5-21-531635747-2076120898-3807014553-513) -> -1 > > Domain Admins (S-1-5-21-531635747-2076120898-3807014553-512) -> -1 > > mail# /home > > > > > Maybe Domain Users is NOT to be mapped ? > > is of any use mapping Domain Users and Users ? I would say YES > as I want to > > set permissions based on AD groups > > What version of Samba do you have? > > For now, stop Samba, remove the group_mapping,tdb file, then remap your > groups. In the long run suggest you update to the latest release. > > - John T. > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba >
Sorry... I forgot I'm running Samba 3.0.14a mail# /home > pkg_info | grep samba samba-3.0.14a_1,1 A free SMB and CIFS client and server for UNIX here is the smb.conf [global] workgroup = dmsware netbios name = mail #os level = 20 # we will never be master or slave browser as we are on a firewalled net preferred master = no server string = mail.dmsware.it Samba Shares realm = dmsware.it security = ADS password server = orion.dmsware.it winbind cache time = 3600 winbind use default domain = Yes winbind nested groups = Yes # -antares- winbind enum users = Yes # -antares- winbind enum groups = Yes allow trusted domains = Yes #idmap domains = DMSWARE idmap config DMSWARE:backend = rid idmap config DMSWARE:base_rid = 1000 idmap config DMSWARE:range = 10000 - 49999 #idmap backend = idmap_rid:DMSWARE=1000-20000 idmap gid = 10000-49999 idmap uid = 10000-49999 # -antares- winbind uid = 10000-20000 # -antares- winbind gid = 10000-20000 template homedir = /home/%U template shell = /bin/sh # -antares- template primary group = "Domain Users" syslog only = Yes # -antares- log file = /var/log/samba/log.%m encrypt passwords = yes add group script = /usr/sbin/groupadd %g delete group script = /usr/sbin/pw groupdel %g add user script = /usr/sbin/pw useradd %u delete user script = /usr/sbin/pw userdel %u My current configuration is FreeBsd 6 Samba 3.0.14a Dovecot 1.0.0 postfix 2.3.5 cyrus-sasl 2.1.22 with saslAuth openssl 0.9.7i stable currently the system is serving as authenticated SMTP/pop3 Webmail File Server (samba is both used for authentication and file sharing) for file-retrivial from client ftp uploads I'm not again patching... but as everything works fine... and the system is critical... Thanks for your time -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba