Re: [Samba] Group Mappings

2012-02-09 Thread Gaiseric Vandal 
Do you have any XP clients?  Do they have the same issue?  What backend 
are you using?




On 02/08/2012 03:03 PM, Simon Faulkner wrote:

Samba 3.6.2

My Domain Admins, including root, don't get admin permissions on local 
PCs.


My Windows 7 clients can join the domain but when I look in the 
Administrators group it shows the sid for the Domain Admins group (RID 
= 512) and the icon has a question mark


net groupmap list seems OK

Any ideas where to look next?

TIA

Simon



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Group Mappings

2012-02-08 Thread Simon Faulkner 

Samba 3.6.2

My Domain Admins, including root, don't get admin permissions on local PCs.

My Windows 7 clients can join the domain but when I look in the 
Administrators group it shows the sid for the Domain Admins group (RID = 
512) and the icon has a question mark


net groupmap list seems OK

Any ideas where to look next?

TIA

Simon

--
Simon Faulkner  01538 303 900
Staffordshire Moorlands

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba Group Mappings

2004-08-25 Thread Douglas Sterner 
Using 3.05 and open ldap I'm getting the following error following the 
Samba by example page 155. My group mappings do not appear to be working 
correctly. Any suggestions on how to fix this.  Everything was working up 
to this point.

Thanks

[EMAIL PROTECTED] root]# net groupmap list
[2004/08/25 12:53:16, 0] passdb/pdb_ldap.c:ldapsam_setsamgrent(2239)
  ldapsam_setsamgrent: LDAP search failed: No such object
[2004/08/25 12:53:16, 0] 
passdb/pdb_ldap.c:ldapsam_enum_group_mapping(2304)
  ldapsam_enum_group_mapping: Unable to open passdb

[EMAIL PROTECTED] root]# groupadd logs
groupadd: group logs exists

[EMAIL PROTECTED] root]# net groupmap modify ntgroup=Logs 
unixgroup=logs
[2004/08/25 12:53:27, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1763)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error: 
(No such object)
NT Group Logs doesn't exist in mapping DB
[EMAIL PROTECTED] root]#


Douglas Sterner 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] group mappings pitfalls in samba 3

2003-12-09 Thread Andrew Gaffney 
I have recently run across this problem and would like to warn people about it. I had an 
already established domain running under Samba 2.2.8. I then upgraded to 3.0. I removed 
the 'domain admin users = root' line from my smb.conf because certain tools complained 
about it being there. After the upgrade, I followed the Samba 3 HOWTO docs on samba.org. I 
created my domadm, domguests, and domusers groups. I used the command 'net groupmap add 
ntgroup=Domain Admins UNIXgroup=domadm' to map the groups together. This should have had 
the same effect as having the 'domain admin users = root' line in 2.2.8, but whenever I 
would logon to any computer in the domain with the user 'root', the user would be a 
regular restricted user. I got output like this from 'net groupmap list':

System Operators (S-1-5-32-549) - -1
Dispatch (S-1-5-21-12416-2847287174-2328787173-1831) - dispatch
Replicators (S-1-5-32-552) - -1
Guests (S-1-5-32-546) - -1
Domain Users (S-1-5-21-12416-2847287174-2328787173-1833) - domusers
Domain Admins (S-1-5-21-12416-2847287174-2328787173-1825) - domadm
Domain Guests (S-1-5-21-12416-2847287174-2328787173-1835) - domguests
Mechanics (S-1-5-21-12416-2847287174-2328787173-1827) - mech
Instructors (S-1-5-21-12416-2847287174-2328787173-1837) - instructors
Accounting (S-1-5-21-12416-2847287174-2328787173-1829) - accounting
Domain Admins (S-1-5-21-12416-2847287174-2328787173-512) - -1
Domain Guests (S-1-5-21-12416-2847287174-2328787173-514) - -1
Domain Users (S-1-5-21-12416-2847287174-2328787173-513) - -1
Power Users (S-1-5-32-547) - -1
Print Operators (S-1-5-32-550) - -1
Administrators (S-1-5-32-544) - -1
Account Operators (S-1-5-32-548) - -1
Backup Operators (S-1-5-32-551) - -1
Users (S-1-5-32-545) - -1
Apparently, the default groups already existed, but were not used in the mapping. Instead, 
new groups with the same name (but not the same GID) were created and mapped. So, my user 
was in the Domain Admins group but not THE Domain Admins group. I'm not quite sure if this 
is a flaw in the HOWTO or if this only happens when upgrading from 2.2.x. I was able to 
fix this problem by deleting the group mappings and remapping with 'net groupmap modify 
ntgroup=Domain Admins UNIXgroup=domadm'. I just made these changes, but I am not on site 
to test if they worked, but I have a hunch that they did.

--
Andrew Gaffney
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba