From owner-freebsd-questions@FreeBSD.ORG Wed Aug 10 10:44:51 2005 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5940116A41F for ; Wed, 10 Aug 2005 10:44:51 +0000 (GMT) (envelope-from kornack@tkc-online.de) Received: from server.itaw.de (142.195.203.213.rev.inetbone.net [213.203.195.142]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9C5A443D53 for ; Wed, 10 Aug 2005 10:44:49 +0000 (GMT) (envelope-from kornack@tkc-online.de) Received: from localhost (localhost [127.0.0.1]) by server.itaw.de (server.itaw.de) with ESMTP id 35516D94090 for ; Wed, 10 Aug 2005 12:24:53 +0200 (CEST) Received: from server.itaw.de ([127.0.0.1]) by localhost (server.itaw.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 20175-10 for ; Wed, 10 Aug 2005 12:24:49 +0200 (CEST) Received: from p43000 (p54BE50FE.dip.t-dialin.net [84.190.80.254]) by server.itaw.de (server.itaw.de) with ESMTP id 1E88ED9408E for ; Wed, 10 Aug 2005 12:24:46 +0200 (CEST) From: "T. Kornack" To: Date: Wed, 10 Aug 2005 12:24:44 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook, Build 11.0.6353 Thread-Index: AcWdlboNej0epogcQruXQGrETvgxKA== X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527 Message-Id: <20050810102448.1E88ED9408E@server.itaw.de> X-Virus-Scanned: by amavisd-new at server.itaw.de Subject: samba 3 and local wheel group membership X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Aug 2005 10:44:51 -0000 Hello Tom, just came across your message when trying to find a solution for another problem... As far as I know 'net groupmap' never makes group members to show up in /etc/group. It just does a group mapping from UNIX world to SMB world. And this is what is mainly covered in the Samba docs. What you need imho is the other way around - somehow mapping SMB-groups into UNIX-groups. Here is my suggestion: 1. Map the group 'wheel' to a _local_ SMB-group using 'net groupmap ...' as you already tried. 2. Create a _global_ group in your NT domain containing your intended 'wheel' members. 3. Make the global group from step 2.) become a member of the local group from step in 1.) using 'net group ADD ...'. Don't worry what old Samba docs say, from a certain version on (tested it with v3.0.13) encapsulated group membership works. 4. Make sure winbindd is running on your Samba machine. This daemon is responsible for the group mapping. Explanation: The users also don't show up in /etc/group but the group membership is solved on the fly by winbindd. I found the details in the recent Samba-3-Howto on samba.org. Kind regards Thomas E-Mail: kornack@tkc-online.de Web: http://www.tkc-online.de