Persistent group mapping

Status
Not open for further replies.

Jan Dusatko

Cadet
Joined
Jul 12, 2013
Messages
7
I would like to use a flat database, similar to the old "domain" structure (without any LDAP/DNS). Creating the configuration and allowing extended attributes lets me change rights for users; however, I cannot see any groups except the local ones of the client computer. I often use the same configuration in a regular smb.conf file on FreeBSD and Linux.
When I dug deeper, I found that no group_mapping.tdb had been created. There is only secrets.tdb in the /usr/local/etc/samba directory.
Because this file does not exist, I tried to create the synchronization manually. Extracting the groups between GID 1000 and 65533 from /etc/group and using the syntax:
net groupmap add ntgroup={GID_NAME} unixgroup={GID_NAME} rid=GID type=d
finally shows me the group name in the Explorer security tab. Attaching some of the well-known groups (Domain Admins and so on ...) works nicely. Currently, this script is started after each restart of FreeNAS. Could someone help me make it persistent?
Regards

Jan
 

dlavigne

Guest
There is some confusion on what you are trying to accomplish and if a group_mapping.tdb is even required to accomplish it.

What version of Windows is on the clients? Is there an AD server, and if so, which version?
 

Jan Dusatko

Client side: Windows XP, Windows 7
Server side: FreeNAS simulating a PDC (no Active Directory, only a flat database). No AD servers.
This should be the equivalent of a Windows NT 4.0/2000 domain.

All datasets are currently on Windows ACL. I can set up rights for users, but the group mapping configuration is missing after I restart the Samba daemon or the whole FreeNAS server. This means I cannot configure group rights on a share/directory persistently.
 

dlavigne

Guest
Thanks! We're looking into seeing if it is a bug or if there is a recommended way of doing it without that .tdb file.
 

Jan Dusatko

To be sure, the configuration of the group mappings has been done by this script:

#!/bin/bash
# Build the commands in a private temp file rather than a fixed, guessable /tmp name.
tmp=$(mktemp /tmp/groupadd.XXXXXX) || exit 1
# One "GID NAME" line per /etc/group entry; keep GIDs of four or more digits, drop 65533-65536.
awk -F: '{print $3" "$1}' /etc/group | sort -n | sed -n '/^[0-9][0-9][0-9][0-9]/p' | sed '/^6553[3-6] /d' | awk '{print "net groupmap add ntgroup=\""$2"\" unixgroup="$2" rid="$1" type=d"}' > "$tmp"
# Well-known domain groups with their fixed RIDs.
echo 'net groupmap add ntgroup="Domain Admins" unixgroup=ntadmin rid=512 type=d' >> "$tmp"
echo 'net groupmap add ntgroup="Domain Users" unixgroup=users rid=513 type=d' >> "$tmp"
echo 'net groupmap add ntgroup="Domain Guests" unixgroup=nobody rid=514 type=d' >> "$tmp"
chmod +x "$tmp"
"$tmp"
rm "$tmp"
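
A variant of the generation step from the script above, as an added example that is not part of the original thread: it reads group(5) lines on stdin, keeps the 1000 to 65532 GID window the posted pipeline selects, and skips names or duplicate GIDs that would yield a broken or unsafe command line when run as root. The function names, the name whitelist and the sample entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print `net groupmap add` commands for local groups without
# writing an executable temp file, so the output can be reviewed first.

# gen_groupmap [MIN_GID] [MAX_GID]  (reads group(5) lines on stdin)
# Accepted groups go to stdout as commands; rejected ones are reported on stderr.
gen_groupmap() {
    awk -F: -v min="${1:-1000}" -v max="${2:-65532}" '
        /^#/ || NF < 3 { next }                    # comments, malformed lines
        $3 !~ /^[0-9]+$/ { next }                  # GID must be purely numeric
        ($3 + 0) < min || ($3 + 0) > max { next }  # outside the GID window
        $1 !~ /^[A-Za-z_][A-Za-z0-9_.-]*$/ {       # name would need shell quoting
            print "skip: unsafe group name on line " NR > "/dev/stderr"
            next
        }
        seen[$3]++ {                               # the RID is the GID, so it must be unique
            print "skip: duplicate GID " $3 " (" $1 ")" > "/dev/stderr"
            next
        }
        { printf "net groupmap add ntgroup=\"%s\" unixgroup=%s rid=%s type=d\n", $1, $1, $3 }
    '
}

# Constructed sample input (not taken from any real system).
sample_groups() {
    cat <<'EOF'
# constructed /etc/group excerpt
wheel:*:0:root
staff:*:1001:jan
accounting:*:1002:
sales "eu":*:1003:
dupes:*:1001:
nogroup:*:65533:
EOF
}

# Demo: only staff and accounting produce commands.
sample_groups | gen_groupmap
```

On a real system, call it as `gen_groupmap < /etc/group` and review the printed commands before running them.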
 