samba 3 and local wheel group membership

[T. Kornack]

Hello Tom,


just came across your message when trying to find a solution for another
problem... 

As far as I know 'net groupmap' never makes group members to show up in
/etc/group. It just does a group mapping from UNIX world to SMB world. And
this is what is mainly covered in the Samba docs.

What you need imho is the other way around - somehow mapping SMB-groups into
UNIX-groups. Here is my suggestion:

1. Map the group 'wheel' to a _local_ SMB-group using 'net groupmap ...' as
you already tried.

2. Create a _global_ group in your NT domain containing your intended
'wheel' members.

3. Make the global group from step 2.) become a member of the local group
from step in 1.) using 'net group ADD ...'. Don't worry what old Samba docs
say, from a certain version on (tested it with v3.0.13) encapsulated group
membership works.

4. Make sure winbindd is running on your Samba machine. This daemon is
responsible for the group mapping.

Explanation: The users also don't show up in /etc/group but the group
membership is solved on the fly by winbindd. I found the details in the
recent Samba-3-Howto on samba.org.

Kind regards

Thomas

E-Mail: kornack at tkc-online.de
Web:    http://www.tkc-online.de