From ded016a06c57dbc8c946e842a7a902addf15adbc Mon Sep 17 00:00:00 2001 From: John Terpstra Date: Tue, 4 Jul 2006 18:41:34 +0000 Subject: Updating documentation for 3.0.23. Jerry, please check these changes. (This used to be commit fc676238b8e21f244073a9da8cde0f24386c02ea) --- docs/Samba3-HOWTO/TOSHARG-Group-Mapping.xml | 29 +++++++++++++++++++---------- 1 file changed, 19 insertions(+), 10 deletions(-) (limited to 'docs/Samba3-HOWTO/TOSHARG-Group-Mapping.xml') diff --git a/docs/Samba3-HOWTO/TOSHARG-Group-Mapping.xml b/docs/Samba3-HOWTO/TOSHARG-Group-Mapping.xml index 984a17e53e..337ae3d794 100644 --- a/docs/Samba3-HOWTO/TOSHARG-Group-Mapping.xml +++ b/docs/Samba3-HOWTO/TOSHARG-Group-Mapping.xml @@ -19,7 +19,7 @@ groupmap net Starting with Samba-3, new group mapping functionality is available to create associations - between Windows group SIDs and UNIX groups. The groupmap subcommand + between Windows group SIDs and UNIX group GIDs. The groupmap subcommand included with the &net; tool can be used to manage these associations. @@ -183,12 +183,12 @@ - Map this domadm group to the Domain Admins group by running the command: + Map this domadm group to the Domain Admins group by executing the command: -&rootprompt;net groupmap add ntgroup="Domain Admins" unixgroup=domadm +&rootprompt;net groupmap add ntgroup="Domain Admins" unixgroup=domadm rid=512 type=d @@ -213,7 +213,7 @@ -&rootprompt;net groupmap add rid=1000 ntgroup="Accounting" unixgroup=acct +&rootprompt;net groupmap add rid=1000 ntgroup="Accounting" unixgroup=acct type=d The ntgroup value must be in quotes if it contains space characters to prevent the space from being interpreted as a command delimiter. @@ -350,7 +350,7 @@ alias group In effect, Samba supplements the /etc/group data via the dynamic libnss_winbind mechanism. Beginning with Samba-3.0.3, this facility is used to provide - local groups in the same manner as Windows does it. It works by expanding the local groups on the + local groups in the same manner as Windows. It works by expanding the local groups on the fly as they are accessed. For example, the Domain Users group of the domain is made a member of the local group demo. Whenever Samba needs to resolve membership of the demo local (alias) group, winbind asks the domain controller for demo members of the Domain Users @@ -509,8 +509,8 @@ ldapsam domain groups RID - When the passdb backend uses LDAP (ldapsam), it is the - administrator's responsibility to create the essential domain groups and to assign each its default RID. + It is the administrator's responsibility to create the essential domain groups and to assign each + its default RID. @@ -785,9 +785,9 @@ exit 0 #!/bin/bash -net groupmap modify ntgroup="Domain Admins" unixgroup=ntadmin -net groupmap modify ntgroup="Domain Users" unixgroup=users -net groupmap modify ntgroup="Domain Guests" unixgroup=nobody +net groupmap add ntgroup="Domain Admins" unixgroup=ntadmin rid=512 type=d +net groupmap add ntgroup="Domain Users" unixgroup=users rid=513 type=d +net groupmap add ntgroup="Domain Guests" unixgroup=nobody rid=514 type=d groupadd Orks groupadd Elves @@ -806,6 +806,15 @@ net groupmap add ntgroup="Gnomes" unixgroup=Gnomes type=d refer to the man page. + + Versions of Samba-3 prior to 3.0.23 automatically create default group mapping for the + Domain Admins, Domain Users and Domain Guests Windows + groups, but do not map them to UNIX GIDs. This was a cause of administrative confusion and + trouble. Commencing with Samba-3.0.23 this annomaly has been fixed - thus all Windows groups + must now be manually and explicitly created and mapped to a valid UNIX GID by the Samba + administrator. + + -- cgit