Re: [Samba] Samba Groups questions

Wed, 27 Aug 2008 09:19:20 -0700 


Short answer, yes.
You should/do get all the groups listed with ifmember /list but get different results with the Solaris nsswitch.conf than padl's nsswitch.conf. I have it working, through changing only this one library. There may of course have been problems with my ldap_client_file that didn't show up at the OS level but scuppered what samba was asking 
for.  Didn't see any error messages though.

Cheers.

Duncan Brannen wrote:


Hi,
When Samba is running as a PDC and a workstation is joined to the Domain, should the user logged into the workstation be able to see all the groups they are a member of using `ifmember /list`? Is the below output as expected? I'm I correct thinking that as all my groups originate in the Unix world, I don't need winbind to allow the Workstations to see them?
For what it's worth, Solaris 10 (Sparc) Samba 3.2.1 and OpenLDAP, everything bar the Samba version should be irrelevant as it's hidden behind nsswitch and passdb backend?
It's a clean OS / Ldap install with the smbldap tools used to populate the directory and create 
the user, then 'net rpc' used to create groups and add members.

Thanks,
            Duncan

-----
On the PDC
/usr/local/samba/bin/net rpc group members room11 -Uroot%password
CROOMTEST\dunk

/usr/local/samba/bin/net groupmap list
Domain Admins (S-1-5-21-440367617-1876916578-3462541782-512) -> Domain Admins Domain Users (S-1-5-21-440367617-1876916578-3462541782-513) -> Domain Users Domain Guests (S-1-5-21-440367617-1876916578-3462541782-514) -> Domain Guests Domain Computers (S-1-5-21-440367617-1876916578-3462541782-515) -> Domain Computers 
Administrators (S-1-5-32-544) -> Administrators
Account Operators (S-1-5-32-548) -> Account Operators
Print Operators (S-1-5-32-550) -> Print Operators
Backup Operators (S-1-5-32-551) -> Backup Operators
Replicators (S-1-5-32-552) -> Replicators
room11 (S-1-5-21-440367617-1876916578-3462541782-3003) -> room11
room9 (S-1-5-21-440367617-1876916578-3462541782-3005) -> room9

getent group
...
room11::1001:dunk

getent passwd
...
dunk:x:1000:512:System User:/home/dunk:/bin/bash

-----
On the workstation

net group /domain room11

returns dunk as a member

net group /domain

returns a list of all the groups mapped on the pdc that start S-1-5-21-

ifmember /list

returns the primary group CROOMTEST\Domain Admins
\Everyone
BUILTIN\Administrators
BUILTIN\Users
\Local
NT Authority\INTERACTIVE
NT Authority\Authneticated Users






--
The University of St Andrews is a charity registered in Scotland : No SC013532

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Reply via email to