Goutham
asked on
samba pdc mapping windows groups to unix groups
Dear Sir/Madam:
configured the linux as domain controller
[root@parrot ~]# net groupmap list
Domain Admins (S-1-5-21-386657565-235345 9576-62080 8375-512) -> 533
Domain Users (S-1-5-21-386657565-235345 9576-62080 8375-513) -> users
Domain Guests (S-1-5-21-386657565-235345 9576-62080 8375-514) -> nobody
created unix groups : ntadmins , users and nobody
when tried to map them to windows groups with the following command getting the error :
[root@parrot ~]# groupadd ntadmins
groupadd: group ntadmins exists
[root@parrot ~]# net groupmap modify ntgroup="Domain Admins"unixgroup=ntadmins
NT Group Domain Adminsunixgroup=ntadmins doesn't exist in mapping DB
please help me on this.
configured the linux as domain controller
[root@parrot ~]# net groupmap list
Domain Admins (S-1-5-21-386657565-235345
Domain Users (S-1-5-21-386657565-235345
Domain Guests (S-1-5-21-386657565-235345
created unix groups : ntadmins , users and nobody
when tried to map them to windows groups with the following command getting the error :
[root@parrot ~]# groupadd ntadmins
groupadd: group ntadmins exists
[root@parrot ~]# net groupmap modify ntgroup="Domain Admins"unixgroup=ntadmins
NT Group Domain Adminsunixgroup=ntadmins doesn't exist in mapping DB
please help me on this.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ok so in fact the answer to your question is ok. now you are asking another question. Let me remind you that it is better to close the question and pen-up another one is the best method for people to reach answer. Anyway the answer to your new question is that: Policies require that profiles be owned by the logged in user by defalt to prevent this follow these steps:
- Run Group Policy editor (gpedit.msc)
- Select Computer Configuration > Administrative Templates > System > User Profiles
- Remove check for user ownership of Roaming Profile Folders (Enabled)
If the key is not already there you can create it too:
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Policies \ Microsoft \ Windows \ System]: CompatibleRUPSecurity = dword:00000001
- Run Group Policy editor (gpedit.msc)
- Select Computer Configuration > Administrative Templates > System > User Profiles
- Remove check for user ownership of Roaming Profile Folders (Enabled)
If the key is not already there you can create it too:
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Policies \ Microsoft \ Windows \ System]: CompatibleRUPSecurity = dword:00000001
ASKER
thanks so much for the support i had done the config in windows but stll the same problem finally
after adding the following line in smb.conf file able to login successfully with the roaming profile
but another error will post as a new query.
write list = @smbusers @root
after adding the following line in smb.conf file able to login successfully with the roaming profile
but another error will post as a new query.
write list = @smbusers @root
ASKER
Windows did not load your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you logoff. Windows did not load your profile because a server copy of the profile folder already exists that does not have the correct security. Either the current user or the Administrator's group must be the owner of the folder. Contact your network administrator.