I have Samba 3.09 as my PDC on Linux ES3 and works great with the exceptiong of adding functional domain groups:
ie:
net groupmap add ntgroup="Financial Services" unixgroup=finsrvcs type=d
When I create a share on a NT5 box and give Financial Services full control I get access denied. The test user account being used does belong to the finsrvs goup on the Linux side.
If I change the permission to that same share to Domain Users Group the test user can access the share.
net groupmap list shows proper groupmaping:
Financial Services (S-1-5-21-1341286763-1234037261-770356090-2013) -> finsrvcs
There is a problem with the groupmap but not sure what's wrong.
Here is my Global section of my smb.conf
netbios name = pdc
workgroup = sandbox
domain logons = Yes
domain master = Yes
os level = 64
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192
log level = 1
max log size = 100
dead time = 15
nt acl support = yes
security = user
smb passwd file = /etc/samba/smbpasswd
passdb backend = smbpasswd
encrypt passwords = yes
idmap gid = 15000-20000
idmap uid = 15000-20000
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/gruopdel %g
add user to group script = /usr/sbin/usermod -G %g %u
add user script = /usr/sbin/useradd -m %u
delete user script = /usr/sbin/userdel -r %u
add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null %u
name resolve order = hosts
#wins support = true
#dns proxy = yes
#printing = cups
logon path =
#printcap name = cups
ie:
net groupmap add ntgroup="Financial Services" unixgroup=finsrvcs type=d
When I create a share on a NT5 box and give Financial Services full control I get access denied. The test user account being used does belong to the finsrvs goup on the Linux side.
If I change the permission to that same share to Domain Users Group the test user can access the share.
net groupmap list shows proper groupmaping:
Financial Services (S-1-5-21-1341286763-1234037261-770356090-2013) -> finsrvcs
There is a problem with the groupmap but not sure what's wrong.
Here is my Global section of my smb.conf
netbios name = pdc
workgroup = sandbox
domain logons = Yes
domain master = Yes
os level = 64
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192
log level = 1
max log size = 100
dead time = 15
nt acl support = yes
security = user
smb passwd file = /etc/samba/smbpasswd
passdb backend = smbpasswd
encrypt passwords = yes
idmap gid = 15000-20000
idmap uid = 15000-20000
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/gruopdel %g
add user to group script = /usr/sbin/usermod -G %g %u
add user script = /usr/sbin/useradd -m %u
delete user script = /usr/sbin/userdel -r %u
add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null %u
name resolve order = hosts
#wins support = true
#dns proxy = yes
#printing = cups
logon path =
#printcap name = cups