Re: [Samba] Re: 3.0 beta 3 - NT and Unix group mapping
You are so right. Better solutions are welcome :^)
Boogerman
- Original Message -
From: "Beast" <[EMAIL PROTECTED]>
To: "Boogerman" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, August 01, 2003 1:44 AM
Subject: Re: [Samba] Re: 3.0 beta 3 - NT and Unix group mapping
> Friday, August 1, 2003, 5:25:44 AM, Boogerman wrote:
>
> > I found the solution. If anyone is interested, what I did is:
>
> > Create a Domain group in the SAMBA machine with:
> > net groupmap add sid={lastsid+1} ntgroup="Domain Power Users"
> > unixgroup=users type=domain
>
> > Then, as admin in the XP client, in "MMC/Local Users and
Groups/Groups/Power
> > Users" I added "{MYDOMAIN}\Domain Power Users".
>
> > So this added the domain group Domain Power Users (wich was mapped to
the
> > unix group users) to the local Power Users group.
>
> > I hope this helps someone out there...
>
> Yes, but you have to come to every ws then.
>
> --beast
>
>
>
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: 3.0 beta 3 - NT and Unix group mapping
Probably the problem comes from NT.
By default, it ads the "Domain Admins" group to its "Administrators" group.
It should do as much with "Power Users" and other domain groups, but it
doesn't. So you have to do it manually.
Anyway, this is a one time only operation, so I don't really mind performing
the task in every WS. In any case, it's better than having the domain users
complaining about why they can't do this, or why they can't do that...
Boogerman
- Original Message -
From: "John H Terpstra" <[EMAIL PROTECTED]>
To: "Beast" <[EMAIL PROTECTED]>
Cc: "Boogerman" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, August 01, 2003 3:58 AM
Subject: Re: [Samba] Re: 3.0 beta 3 - NT and Unix group mapping
> On Fri, 1 Aug 2003, Beast wrote:
>
> > Friday, August 1, 2003, 5:25:44 AM, Boogerman wrote:
> >
> > > I found the solution. If anyone is interested, what I did is:
> >
> > > Create a Domain group in the SAMBA machine with:
> > > net groupmap add sid={lastsid+1} ntgroup="Domain Power Users"
> > > unixgroup=users type=domain
> >
> > > Then, as admin in the XP client, in "MMC/Local Users and
Groups/Groups/Power
> > > Users" I added "{MYDOMAIN}\Domain Power Users".
> >
> > > So this added the domain group Domain Power Users (wich was mapped to
the
> > > unix group users) to the local Power Users group.
> >
> > > I hope this helps someone out there...
> >
> > Yes, but you have to come to every ws then.
>
> Correct. How else would you do this? How do you do this with an MS Windows
> 2000 Server environment?
>
> - John T.
> --
> John H Terpstra
> Email: [EMAIL PROTECTED]
>
>
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: 3.0 beta 3 - NT and Unix group mapping
On Fri, 1 Aug 2003, Beast wrote:
> Friday, August 1, 2003, 5:25:44 AM, Boogerman wrote:
>
> > I found the solution. If anyone is interested, what I did is:
>
> > Create a Domain group in the SAMBA machine with:
> > net groupmap add sid={lastsid+1} ntgroup="Domain Power Users"
> > unixgroup=users type=domain
>
> > Then, as admin in the XP client, in "MMC/Local Users and Groups/Groups/Power
> > Users" I added "{MYDOMAIN}\Domain Power Users".
>
> > So this added the domain group Domain Power Users (wich was mapped to the
> > unix group users) to the local Power Users group.
>
> > I hope this helps someone out there...
>
> Yes, but you have to come to every ws then.
Correct. How else would you do this? How do you do this with an MS Windows
2000 Server environment?
- John T.
--
John H Terpstra
Email: [EMAIL PROTECTED]
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: 3.0 beta 3 - NT and Unix group mapping
Friday, August 1, 2003, 5:25:44 AM, Boogerman wrote:
> I found the solution. If anyone is interested, what I did is:
> Create a Domain group in the SAMBA machine with:
> net groupmap add sid={lastsid+1} ntgroup="Domain Power Users"
> unixgroup=users type=domain
> Then, as admin in the XP client, in "MMC/Local Users and Groups/Groups/Power
> Users" I added "{MYDOMAIN}\Domain Power Users".
> So this added the domain group Domain Power Users (wich was mapped to the
> unix group users) to the local Power Users group.
> I hope this helps someone out there...
Yes, but you have to come to every ws then.
--beast
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: 3.0 beta 3 - NT and Unix group mapping
I found the solution. If anyone is interested, what I did is:
Create a Domain group in the SAMBA machine with:
net groupmap add sid={lastsid+1} ntgroup="Domain Power Users"
unixgroup=users type=domain
Then, as admin in the XP client, in "MMC/Local Users and Groups/Groups/Power
Users" I added "{MYDOMAIN}\Domain Power Users".
So this added the domain group Domain Power Users (wich was mapped to the
unix group users) to the local Power Users group.
I hope this helps someone out there...
Boogerman
- Original Message -
From: "Boogerman" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, July 30, 2003 10:35 PM
Subject: 3.0 beta 3 - NT and Unix group mapping
> Hello everyone!
>
> I've been testing the 3.0 beta 3 (I've just upgraded from 2.2.7), and made
a
> PDC configuration with Windows XP Pro clients. Everything works fine,
> however, I'm fine tuning the NT and Unix group mapping; in particular, I
> want to map the Unix group 'users' to the NT group 'Power Users'.
>
> I've tried:
> net groupmap modify ntgroup="Power Users" unixgroup=users
> with no success.
> If I do, however
> net groupmap modify ntgroup="Domain Admins" unixgroup=users
> users are granted admin privileges
>
> I've read the groupmapping chapter of the howto collection
>
(http://us1.samba.org/samba/devel/docs/html/Samba-HOWTO-Collection.html#grou
> pmapping) and still got no clue (If anyone can point me to a more detailed
> document by all means do so).
>
> Here's my `net groupmap list`:
>
> System Operators (S-1-5-32-549) -> -1
> Domain Admins (S-1-5-21-1734957725-2317673715-2873464621-512) -> -1
> Replicators (S-1-5-32-552) -> -1
> Guests (S-1-5-32-546) -> -1
> Domain Guests (S-1-5-21-1734957725-2317673715-2873464621-514) -> -1
> Power Users (S-1-5-32-547) -> users
> Print Operators (S-1-5-32-550) -> -1
> Administrators (S-1-5-32-544) -> -1
> Domain Users (S-1-5-21-1734957725-2317673715-2873464621-513) -> -1
> Account Operators (S-1-5-32-548) -> -1
> Backup Operators (S-1-5-32-551) -> -1
> Users (S-1-5-32-545) -> -1
>
> And my smb.conf:
>
> [global]
> netbios name = Natsumi
> server string = Linux Server
> workgroup = BoogerSoft
> passdb backend = smbpasswd
>
> hosts allow = 192.168.0. 127.0.0.1
>
> ;act as domain and master browser
> os level = 64
> preferred master = yes
> domain master = yes
> local master = yes
>
> security = user
>
> encrypt passwords = yes
>
> domain logons = yes
>
> ;if this causes problems change it to \\%N\profile\%U
> logon path = \\%N\%U\profile
> logon drive = H:
>
> ;for win9x clients
> ;logon home = \\%N\%U\profile
>
> ;logon script, relative to the [netlogon] share
> logon script = logon.cmd
>
> ;neither of these seem to work with 3.0
> ;client code page = 850
> ;character set = ISO8859-1
>
> [netlogon]
> comment = Network Logon Service
> path = /usr/local/samba/lib/netlogon
> read only = yes
> write list = ntadmin
>
> [homes]
> comment = Home Directories
> browseable = no
> writable = yes
> create mask = 0600
> directory mask = 0700
>
> And I am getting this in log.smbd when I do the "Power User" thing:
> [2003/07/30 21:25:53, 1] rpc_server/srv_netlog_nt.c:_net_sam_logon(710)
> _net_sam_logon: user BOOGERSOFT\boogerman has user sid
> S-1-5-21-1734957725-2317673715-2873464621-3000
>but group sid S-1-5-32-547.
> The conflicting domain portions are not supported for NETLOGON calls
>
> And also this:
> [2003/07/30 21:33:43, 0] rpc_server/srv_util.c:get_domain_user_groups(362)
> get_domain_user_groups: primary gid of user [boogerman] is not a Domain
> group!
> get_domain_user_groups: You should fix it, NT doesn't like that
>
> (I don't fully understand the messages, so any explanations will be
> appreciated)
>
> Well, that's too much, probably I got everything missconfigured (hey,
after
> all, it's my first PDC with 3.0). I hope someone will be able to help me
> figure this one out...
>
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
