Re: [Samba] group mapping question
From: markus hansen hansenmar...@gmx.de Subject: [Samba] group mapping question Date: Mon, 07 Mar 2011 15:48:46 +0100 I recently posted about problems i am having with deleting files belonging to members of the same unix group (as the mapped AD user that wants to delete the file via samba). I now figured out, that one possible solution is to map that unix Group to an AD group (while creating the AD group and adding users to it first). Question: Is local group membership (on the samba server) of the mapped AD user irrelevant in that case? If you enable Winbind, local UNIX group membership will be ignored. (Is the membership to domain groups the only group information that counts here?) You can create local group of Windows semantics with net sam createlocalgroup or net groupmap add ... type=local, but it's not local UNIX group. --- TAKAHASHI Motonobu mo...@monyo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] group mapping question
Hi List, I recently posted about problems i am having with deleting files belonging to members of the same unix group (as the mapped AD user that wants to delete the file via samba). I now figured out, that one possible solution is to map that unix Group to an AD group (while creating the AD group and adding users to it first). Question: Is local group membership (on the samba server) of the mapped AD user irrelevant in that case? (Is the membership to domain groups the only group information that counts here?) regards Markus -- GMX DSL Doppel-Flat ab 19,99 Euro/mtl.! Jetzt mit gratis Handy-Flat! http://portal.gmx.net/de/go/dsl -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] group mapping question
On Mon, 2011-03-07 at 15:48 +0100, markus hansen wrote: Hi List, I recently posted about problems i am having with deleting files belonging to members of the same unix group (as the mapped AD user that wants to delete the file via samba). I now figured out, that one possible solution is to map that unix Group to an AD group (while creating the AD group and adding users to it first). Question: Is local group membership (on the samba server) of the mapped AD user irrelevant in that case? (Is the membership to domain groups the only group information that counts here?) regards Markus Hi Markus, I cannot speak to an AD setup, but I can say that if a samba domain member server wants to authenticate against a samba pdc, you do not need to have those groups existing on your member server. I use samba member servers as workstations, and I have modified the nsswitch.conf and pam.d files with winbind such that the username/password are not authenticated on the local box, nor are group file permissions to mounted shares. I can assign group permissions that do not exist on the local box to files that do exist on the local box. In theory you should be able to do the same... -- GMX DSL Doppel-Flat ab 19,99 Euro/mtl.! Jetzt mit gratis Handy-Flat! http://portal.gmx.net/de/go/dsl Bob Miller 334-7117/660-5315 http://computerisms.ca b...@computerisms.ca Network, Internet, Server, and Open Source Solutions -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] group mapping question
Miguel Medalha wrote: net groupmap add ntgroup=Domain Admins unixgroup=domadm rid=512 type=d Question 1: if my previous /etc/group names already match the ntgroup names, do I still need to run the above command? Yes. Okay, Now I am really confused. I have three users in my PDC that exist no where else. In /etc/groups they are assigned to users (100). My smb.conf restricts users to group users. These three users are able to use my shares. Why does this work? I thought net groupmap add was only to be used when named differed? What am I missing? -T -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] group mapping question
Peter Ulrich Kruppa wrote: Am Samstag, den 09.05.2009, 13:00 -0700 schrieb MargoAndTodd: Miguel Medalha wrote: net groupmap add ntgroup=Domain Admins unixgroup=domadm rid=512 type=d Question 1: if my previous /etc/group names already match the ntgroup names, do I still need to run the above command? Yes. Okay, Now I am really confused. I have three users in my PDC that exist no where else. In /etc/groups they are assigned to users (100). My smb.conf restricts users to group users. These three users are able to use my shares. Sorry, perhaps my answer wasn't clear enough: Sambas user/group database is completely seperate from your unix user/group system. So all samba groups have to be mapped to unix groups. You have to check your system of permissions carefully, since samba can't allow things that are forbidden to unix users. Greetings, Uli. Hi Uli, Is this a difference between workgroup samba and pdc SAMBA? I have a workgroup Samba customer with about 15 /etc/groups controlling who sees what. Works perfectly. Confused, -T -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] group mapping question
Hi All, Just a general question about groups. I am upgrading a Samba workgroup, server to a PDC. I have been reading: http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/groupmapping.html#id2589321 In this link, they tell of how to map a windows group to a Samba group net groupmap add ntgroup=Domain Admins unixgroup=domadm rid=512 type=d Question 1: if my previous /etc/group names already match the ntgroup names, do I still need to run the above command? Question 2: once I have mapped these groups, where are they stored, so I can back them up? Many thanks, -T -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] group mapping question
net groupmap add ntgroup=Domain Admins unixgroup=domadm rid=512 type=d Question 1: if my previous /etc/group names already match the ntgroup names, do I still need to run the above command? Yes. Question 2: once I have mapped these groups, where are they stored, so I can back them up? From a table in Chapter 41. Managing TDB Files of the Samba-HOWTO-Collection you just quoted: http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/msdfs.html « group_mapping.tdb: Stores group mapping information. Preserve?=Yes. Not used when using LDAP backend. » So, if you use LDAP, backup the LDAP database or a export it to a LDIF file and keep the file. If you are using tdbsam as a backend, look into /var/lib/samba (at least in a RedHat System) and backup the group_mapping.tdb file. Most of all, do your homework. Please note that you can download the following books in PDF format and use the search function. Samba 3 By Example Samba 3 HOWTO They are included with Samba. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Group mapping question
Greetings, I am hopeful that someone can assist me with what I am certain is a simple misconfiguration. I am running a smb server on RHEL5.2, the version of samba is 3.2.1. I am having a heck of a time getting group maps to work. The problem is as followed: Share called office need to be accessible to a group of windows users. The share shows filesystem permissions of drwxrwx--x 50 user office. I have mapped the unix group office to a domain group called staff assistants. net groupmap list staff assistants (S-1-5-21-3185994284-2127990412-3136590628-1007) - office Yet, I am still unable to access any files in the share from windows. I receive a permission denied error. Output of testparm is below. Thanks in advance for any assistance! Mike [global] workgroup = OFFICE realm = OFFICE.MATH.PSU.EDU server string = MathNet Samba Server %v security = ADS password server = dogwood.math.psu.edu passdb backend = tdbsam:/etc/samba/passdb.tdb username map = /etc/samba/users.map log level = 3 printcap name = cups ldap ssl = no idmap backend = ad idmap uid = 1-2 idmap gid = 1-2 winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind nss info = rfc2307 hosts allow = 146.186.130., 146.186.132., 146.186.134.29, localhost [homes] read only = No browseable = No posix locking = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [print$] comment = Windows Print Drivers path = /etc/samba/drivers write list = root [julieandmary] comment = Share for Julie and Mary path = /home/fourier2/office/JulieandMary valid users = @officeexams read only = No create mask = 00 force create mode = 0660 force directory mode = 0770 posix locking = No [office] path = /home/fourier2/office write list = @office acl group control = Yes inherit permissions = Yes inherit acls = Yes posix locking = No -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Group mapping question
Hello all, I run a samba 3.0.26a-1ubuntu2.3 on an Ubuntu 7.10 server with OpenLDAP both for samba and for posix accounts. Everything runs fine, but while trying to solve another issue, I stumped on this odd behavior: [EMAIL PROTECTED]:/etc# net groupmap list | grep Domain Admins Domain Admins (S-1-5-21-1234567890-1234567890-1234567890-512) - root But: [EMAIL PROTECTED]:/etc# smbldap-groupshow Domain Admins group Domain Admins doesn't exist Is that something I should worry about? Or can anybody help me find what is going on? Best regards and thanks in advance. -- Marcio Merlone -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Group mapping question
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 John H Terpstra wrote: On Tuesday 04 October 2005 19:26, Robert Prange wrote: I used the following command to set users on my samba server (who are part of the users group) to be able to log into the domain on win xp clients as Administrators. net groupmap modify ntgroup=Domain Admins unixgroup=users I can verify this by typing net groupmap list. The other windows groups that are listed are all set to -1 as I have not set them yet. My question is, how do I undo the above command? Delete the file group_mapping.tdb, then restart samba. or just use 'net groupmap delete' cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDQ8qiIR7qMdg1EfYRAs2eAJ9KNYY47RRkJtpUCAerBE7kZqFj9wCggXoO jz3dkFoYJCvG2PTZCXvJxdY= =8FDs -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Group mapping question
I used the following command to set users on my samba server (who are part of the users group) to be able to log into the domain on win xp clients as Administrators. net groupmap modify ntgroup=Domain Admins unixgroup=users I can verify this by typing net groupmap list. The other windows groups that are listed are all set to -1 as I have not set them yet. My question is, how do I undo the above command? I was only fooling around with group mapping, and do not intend to use it. So, I would like to set everything back to -1. Also, is there a control file somewhere that holds the group mapping information? Any help is appreciated, thanks. Robert -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Group mapping question
On Tuesday 04 October 2005 19:26, Robert Prange wrote: I used the following command to set users on my samba server (who are part of the users group) to be able to log into the domain on win xp clients as Administrators. net groupmap modify ntgroup=Domain Admins unixgroup=users I can verify this by typing net groupmap list. The other windows groups that are listed are all set to -1 as I have not set them yet. My question is, how do I undo the above command? Delete the file group_mapping.tdb, then restart samba. - John T. I was only fooling around with group mapping, and do not intend to use it. So, I would like to set everything back to -1. Also, is there a control file somewhere that holds the group mapping information? Any help is appreciated, thanks. Robert -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, 2 Ed., ISBN: 0131882228 Samba-3 by Example, 2 Ed., ISBN: 0131882221X Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba