Bug 3386 - smbpasswd -a fails on HEAD, net groupmap unusable rubbish.
Summary: smbpasswd -a fails on HEAD, net groupmap unusable rubbish.
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: net utility (show other bugs)
Version: 3.0.21a
Hardware: All All
: P3 normal
Target Milestone: none
Assignee: Jeremy Allison
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-01-07 14:29 UTC by Jeremy Allison
Modified: 2006-07-05 13:17 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jeremy Allison 2006-01-07 14:29:05 UTC
Logging this on 3.0.21a although it only exists in HEAD right now.

With Volker's new passdb work requiring group maps adding a new user to a passdb backend fails as follows :

bin/smbpasswd -a root
New SMB password:
Retype new SMB password:
Primary group of user root is not mapped, please map it to a SID with
'net groupmap add'
Failed to modify password entry for user root

What needs to be done is do gid -> sid, if this fails then we must get the group name and attempt to create a new domain group entry to map this posix group to a domain group. As domain groups and local groups must have different names this gives us a problem when trying to map a POSIX group of "users", so I'm intending to map this to an nt domain group of "unix-users" instead.

smbpasswd -a must work automatically without any forced groupmap work from the user.

Oh, and my first attempts to fix this using net groupmap were a miserable failure due to the error checking and help texts from this tool being unusable and horribly confusing *shit*. I need to fix that. It allowed a mapping to rid *zero* for the "users" group. This is a nasty bug.

Jeremy.
Comment 1 Andrew Bartlett 2006-01-08 03:45:51 UTC
I would appricate feedback on how best to avoid being in this area in Samba4.  If there are areas in this that Samba3 will deal with for compatability, but that you would like never to see again, make sure you holler my way...
Comment 2 Gerald (Jerry) Carter (dead mail address) 2006-01-25 08:33:41 UTC
Jeremy,  didn't you fix this already. if so, please close.
Comment 3 Gerald (Jerry) Carter (dead mail address) 2006-07-05 13:17:41 UTC
closing