Solved

samba pdc mapping windows groups to unix groups

Posted on 2007-12-05
4
1,268 Views
Last Modified: 2013-12-16
Dear Sir/Madam:

configured the linux as domain controller  
[root@parrot ~]# net groupmap list
Domain Admins (S-1-5-21-386657565-2353459576-620808375-512) -> 533
Domain Users (S-1-5-21-386657565-2353459576-620808375-513) -> users
Domain Guests (S-1-5-21-386657565-2353459576-620808375-514) -> nobody

created unix groups : ntadmins , users and nobody

when tried to map them to windows groups with the following command getting the error :

[root@parrot ~]# groupadd ntadmins
groupadd: group ntadmins exists
[root@parrot ~]# net groupmap modify ntgroup="Domain Admins"unixgroup=ntadmins
NT Group Domain Adminsunixgroup=ntadmins doesn't exist in mapping DB

please help me on this.











0
Comment
Question by:D_wathi
  • 2
  • 2
4 Comments
 
LVL 30

Accepted Solution

by:
Kerem ERSOY earned 500 total points
Comment Utility
Hi,

You need to use "net groupmap" command to map groups.

This is the usage of the command:
net groupmap add rid=1000 ntgroup="Accounting" unixgroup=acct type=d

Please note the type=d switch it means that the gorup is a domain group.

For mote informaion please browse here:

http://samba.org/samba/docs/man/Samba-HOWTO-Collection/groupmapping.html
0
 

Author Comment

by:D_wathi
Comment Utility
thanks sir did accordingly could able to map users  and when root login roaming profile is loaded from the linux domain controller but for ordinary samba users following message appears in the windows:

Windows did not load your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you logoff. Windows did not load your profile because a server copy of the profile folder already exists that does not have the correct security. Either the current user or the Administrator's group must be the owner of the folder. Contact your network administrator.
0
 
LVL 30

Expert Comment

by:Kerem ERSOY
Comment Utility
ok so in fact the answer to your question is ok. now you are asking another question. Let me remind you that it is better to close the question and pen-up another one is the best method for people to reach answer. Anyway the answer to your new question is that: Policies require that profiles be owned by the logged in user by defalt to prevent this follow these steps:

   - Run Group Policy editor (gpedit.msc)
   - Select Computer Configuration > Administrative Templates >  System > User Profiles
   - Remove check for user ownership of Roaming Profile Folders (Enabled)

If the key is not already there you can create it too:
    [HKEY_LOCAL_MACHINE \ SOFTWARE \ Policies \ Microsoft \ Windows \ System]:            CompatibleRUPSecurity = dword:00000001
0
 

Author Comment

by:D_wathi
Comment Utility
thanks so much for the support  i had done the config in windows but stll the same problem finally
after adding the following line in smb.conf file able to login successfully with the roaming profile
but another error will post as a new query.

 write list = @smbusers @root
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Join & Write a Comment

Over the last ten+ years I have seen Linux configuration tools come and go. In the early days there was the tried-and-true, all-powerful linuxconf that many thought would remain the one and only Linux configuration tool until the end of times. Well,…
Have you ever stumbled upon a software that is so great that you just love? It happened to me. Love at first sight. Filezilla Server.   Ok its not the most advanced ftp server I've came across. But its a fairly simple piece of software to get the …
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now