Enhancement #2792

Samba: map local users to Domain Users

Added by Giacomo Sanchietti over 5 years ago. Updated about 5 years ago.

Status:CLOSEDStart date:
Priority:NormalDue date:
Assignee:-% Done:

100%

Category:nethserver-samba
Target version:v6.5
Resolution: NEEDINFO:No

Description

When the server is configured as a PDC, the locals unix group is mapped to a Samba group called with the same name.

Probably, the expected behavior is that locals unix group is mapped to Domain Users Samba group.
On a running machine, this can be achieved with these commands:

SID=`net getlocalsid | cut -d' ' -f6`;  net groupmap add ntgroup="Domain Users" unixgroup=locals sid=$SID"-513" 

net groupmap delete ntgroup="Domain Users" 
net groupmap delete ntgroup="locals" 

Should this mapping be the default on a PDC system?


Related issues

Related to NethServer 6 - Enhancement #2803: Edit workgroup name when role is Workstation CLOSED
Related to NethServer 6 - Bug #2733: Domain Administrators rights not enforced by workstations CLOSED

Associated revisions

Revision 484fb6b0
Added by Davide Principi about 5 years ago

Domain Users NT group is now mapped to "locals". Refs #2792

Revision 541b9f43
Added by Davide Principi about 5 years ago

nethserver-samba-netcacheflush: clear ID map cache on relevant events. Refs #2792

Revision 77789020
Added by Davide Principi about 5 years ago

nethserver-samba-netcacheflush: fixed shell shebang. Refs #2792

History

#1 Updated by Giacomo Sanchietti over 5 years ago

  • Status changed from NEW to TRIAGED
  • Target version set to ~FUTURE
  • % Done changed from 0 to 20

#2 Updated by Filippo Carletti about 5 years ago

  • Target version changed from ~FUTURE to v6.5

#3 Updated by Davide Principi about 5 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Davide Principi
  • % Done changed from 20 to 30

On branch b2803 Refs #2803

#4 Updated by Davide Principi about 5 years ago

#5 Updated by Davide Principi about 5 years ago

  • Related to Bug #2733: Domain Administrators rights not enforced by workstations added

#6 Updated by Davide Principi about 5 years ago

  • Status changed from ON_DEV to MODIFIED
  • Assignee deleted (Davide Principi)
  • % Done changed from 30 to 60

Test case 1

Install the modified package on a clean system.

   # wbinfo -G `getent group locals | cut -d : -f 3`
S-1-5-21-...-513

RID must be 513, and domusers must NOT exist

Test case 2

Update an existing installation, re-execute the same checks of Test case 1.

#7 Updated by Davide Principi about 5 years ago

  • Status changed from MODIFIED to ON_QA
  • % Done changed from 60 to 70

In nethserver-testing:
nethserver-samba-1.4.5-1.14git5c2b63f.ns6.noarch.rpm

#8 Updated by Giacomo Sanchietti about 5 years ago

  • Assignee set to Giacomo Sanchietti

#9 Updated by Giacomo Sanchietti about 5 years ago

  • Status changed from ON_QA to VERIFIED
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 70 to 90

Test case 1

Test case 2

[root@localhost ~]# wbinfo -G `getent group locals | cut -d : -f 3`
S-1-5-21-4115209966-4004303613-1871331273-513

Created a new user t1:

[root@localhost ~]# net rpc group members locals
Enter root's password:
LOCALHOST\admin
LOCALHOST\t1

[root@localhost ~]# net rpc group members "Domain Users" 
Enter root's password:
LOCALHOST\admin
LOCALHOST\t1

#10 Updated by Giacomo Sanchietti about 5 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100
Package in nethserver-updates:
  • nethserver-samba-1.4.6-1.ns6.noarch.rpm

Also available in: Atom PDF