[Samba] adding users to group with net rpc - Samba

This is a discussion on [Samba] adding users to group with net rpc - Samba ; section 13.3.2 of the HOWTO shows that i can add a user to a group with the following command: root# net rpc group addmem "MIDEARTH\Engineers" ajt -Uroot when i execute this command (replaced with my server specific values, of course), ...

+ Reply to Thread
Results 1 to 8 of 8

Thread: [Samba] adding users to group with net rpc

  1. [Samba] adding users to group with net rpc

    section 13.3.2 of the HOWTO shows that i can add a user to a group with the
    following command:

    root# net rpc group addmem "MIDEARTH\Engineers" ajt -Uroot

    when i execute this command (replaced with my server specific values, of
    course), i get a NT_STATUS_NO_SUCH_USER error.

    i can verify that my user DOES exist and that he belongs to the posix group
    account. i can also verify that the posix group account is mapped to the
    windows group account.

    is the syntax for this command correct? (the net manpage shows no 'addmem'
    option), or am i doing something wrong??

    when i run the following i get an empty list:

    root# net rpc group members "Domain Users" -Uroot
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  2. [Samba] Re: adding users to group with net rpc

    executing the following command for all users will show their correct group:

    root# net rpc user info billybob

    but, like i said the following command shows nothing:

    root# net rpc group members "Domain Users" -Uroot

    and i still can't get this command to work:

    root# net rpc group addmem "MIDEARTH\Engineers" ajt -Uroot

    however, i'm wondering i do i even need this last command... all my users
    seem to be already mapped...

    On Mon, May 19, 2008 at 3:30 PM, Leandro Tracchia
    wrote:

    > section 13.3.2 of the HOWTO shows that i can add a user to a group with the
    > following command:
    >
    > root# net rpc group addmem "MIDEARTH\Engineers" ajt -Uroot
    >
    > when i execute this command (replaced with my server specific values, of
    > course), i get a NT_STATUS_NO_SUCH_USER error.
    >
    > i can verify that my user DOES exist and that he belongs to the posix group
    > account. i can also verify that the posix group account is mapped to the
    > windows group account.
    >
    > is the syntax for this command correct? (the net manpage shows no 'addmem'
    > option), or am i doing something wrong??
    >
    > when i run the following i get an empty list:
    >
    > root# net rpc group members "Domain Users" -Uroot
    >

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  3. Re: [Samba] adding users to group with net rpc

    On Monday 19 May 2008 02:30:31 pm Leandro Tracchia wrote:
    > section 13.3.2 of the HOWTO shows that i can add a user to a group with the
    > following command:
    >
    > root# net rpc group addmem "MIDEARTH\Engineers" ajt -Uroot
    >
    > when i execute this command (replaced with my server specific values, of
    > course), i get a NT_STATUS_NO_SUCH_USER error.
    >
    > i can verify that my user DOES exist and that he belongs to the posix group
    > account. i can also verify that the posix group account is mapped to the
    > windows group account.
    >
    > is the syntax for this command correct? (the net manpage shows no 'addmem'
    > option), or am i doing something wrong??
    >
    > when i run the following i get an empty list:
    >
    > root# net rpc group members "Domain Users" -Uroot


    What version of Samba are you running?

    - John T.
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  4. Re: [Samba] Re: adding users to group with net rpc

    On Monday 19 May 2008 02:46:34 pm Leandro Tracchia wrote:
    > executing the following command for all users will show their correct
    > group:
    >
    > root# net rpc user info billybob
    >
    > but, like i said the following command shows nothing:
    >
    > root# net rpc group members "Domain Users" -Uroot
    >
    > and i still can't get this command to work:


    OK. What is the output of?:

    pdbedit -Lw root

    >
    > root# net rpc group addmem "MIDEARTH\Engineers" ajt -Uroot


    I just validated that this command works on Samba-3.0.28.

    > however, i'm wondering i do i even need this last command... all my users
    > seem to be already mapped...


    What do you mean by this? How did you do this?

    - John T.

    > On Mon, May 19, 2008 at 3:30 PM, Leandro Tracchia
    >
    > wrote:
    > > section 13.3.2 of the HOWTO shows that i can add a user to a group with
    > > the following command:
    > >
    > > root# net rpc group addmem "MIDEARTH\Engineers" ajt -Uroot
    > >
    > > when i execute this command (replaced with my server specific values, of
    > > course), i get a NT_STATUS_NO_SUCH_USER error.
    > >
    > > i can verify that my user DOES exist and that he belongs to the posix
    > > group account. i can also verify that the posix group account is mapped
    > > to the windows group account.
    > >
    > > is the syntax for this command correct? (the net manpage shows no
    > > 'addmem' option), or am i doing something wrong??
    > >
    > > when i run the following i get an empty list:
    > >
    > > root# net rpc group members "Domain Users" -Uroot




    --
    John H Terpstra
    Samba-Team Member
    Phone: +1 (512) 970-0256

    Author:
    The Official Samba-3 HOWTO & Reference Guide, 2 Ed., ISBN: 0131882228
    Samba-3 by Example, 2 Ed., ISBN: 0131882221X
    Hardening Linux, ISBN: 0072254971
    Other books in production.
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  5. [Samba] domain memership and security=domain

    Dear List,

    I have successfully deployed my first Samba 3 PDC with LDAP, and I have
    several XP pro workstations successfully joined to the domain. There are
    some other XP pro workstations that are not joined to the domain yet, but
    are on the same network.

    Now I have another Linux (Suse 9.2) PC (separate from the PDC) that is
    acting as a file server, with it's own shares.
    This PC has no local user accounts, and I set this with security = domain,
    passwd server = SambaPDC and successfully joined it to the domain with net
    rpc join etc..

    On each share I specify which users can access that share (valid users = )

    My question is somewhat conceptual (and i suspect, rather basic):
    Once the file server is joined to the domain and is authenticating
    everything with the Samba3 PDC, should security = domain mean that only
    workstations already joined to the domain can have access to the file server
    shares?
    I would imagine this to be the concept behind security = domain, but until
    now, I can still access the shares even from the non-domain workstations).

    In other words, can a Samba3 domain member limit access to its shares only
    to other PCs that are also domain members?
    Or, even better, can this be specified specifically per share?

    Thanks and regards
    Julian



    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  6. Re: [Samba] domain memership and security=domain


    I apologise for re-posting, but I'll try summarise just in case my original
    message was confusing...

    I have successfully deployed my first Samba 3 PDC with LDAP.

    I have another Linux PC (separate from the PDC) that is acting as a file
    server, with it's own shares.

    This PC has no local user accounts, and I set this with security = domain,
    passwd server = SambaPDC.
    It successfully joined it to the domain with net rpc join etc..

    On each share I specify which users can access that share (valid users = )

    Should security = domain mean that only workstations already joined to the
    domain can have access to the file server shares?
    Until now, I can still access the shares even from the non-domain
    workstations.
    In other words, can a Samba3 domain member limit access to its shares only
    to other PCs that are also domain members?
    Or, even better, can this be specified specifically per share?

    Thanks and regards
    Julian


    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  7. RE: [Samba] domain memership and security=domain

    I think security = domain just has that samba box look at the PDC for
    authentication. I don't think accessing a share has anything to do with
    if the workstation is a part of the domain or not. If you try to connect
    to that share \\sambafileserver\testshare it should prompt you for a
    username and password. If it doesn't that means you are logged in with a
    valid username already. You can check smsbstatus to see how you are
    connected. If you have two domain users, user1, user2, you can make a
    share on available to one user by doing valid users = user1

    Are you trying to restrict machine from accessing a share? I'm not sure
    if you can use the hosts allow per share. Am I understanding you
    correctly?

    Jason Waters


    -----Original Message-----
    From: samba-bounces+jwaters=h2os.com@lists.samba.org
    [mailto:samba-bounces+jwaters=h2os.com@lists.samba.org] On Behalf Of
    Julian Pace Ross
    Sent: Tuesday, May 20, 2008 1:18 PM
    To: samba@lists.samba.org
    Subject: Re: [Samba] domain memership and security=domain


    I apologise for re-posting, but I'll try summarise just in case my
    original
    message was confusing...

    I have successfully deployed my first Samba 3 PDC with LDAP.

    I have another Linux PC (separate from the PDC) that is acting as a file
    server, with it's own shares.

    This PC has no local user accounts, and I set this with security = domain,

    passwd server = SambaPDC.
    It successfully joined it to the domain with net rpc join etc..

    On each share I specify which users can access that share (valid users = )

    Should security = domain mean that only workstations already joined to
    the
    domain can have access to the file server shares?
    Until now, I can still access the shares even from the non-domain
    workstations.
    In other words, can a Samba3 domain member limit access to its shares only

    to other PCs that are also domain members?
    Or, even better, can this be specified specifically per share?

    Thanks and regards
    Julian


    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  8. Re: [Samba] domain memership and security=domain

    RE: [Samba] domain memership and security=domainThanks guys, it is clearer now and the behaviour now makes sense to me.

    I was actually already using host allow/deny, but with IP's and globally. Now i'm doing:
    [share]
    hosts allow = mymachinename
    hosts deny = all

    ...and it works exactly as i want it to.

    Thanks again
    Julian
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

+ Reply to Thread