Server 10.3 PDC and Windows Clients

[Anonymous]

The question is how to go about adding other groups and user accounts to Windows clients.

The X 10.3.2 PDC is up and running, we can create machine accounts, add machines, set Windows user preferences in WGM and all that just fine.

But, when the machine joins the XDOMAIN it just picks up the group <XDOMAIN\Users> group. Attempts to add other groups or individual accounts results in an error on the Windows 2000 client that “there are no readable accounts on the server”.

Obviously, for this concept to be fully functional, we need to be able to create groups and user accounts on the server and be able to add them as needed to the client via “Add Users and Groups”.

Any ideas on how this can be done? Does the Open Directory schema on the X server need to be extended or mapped a particular way?

[Anonymous]

using the “net groupmap (add) (modify) (etc.) I have been able to “add” group mapping for ntgroups to unixgroups and the MMC on the WinXP clients can see and add those groups to the local machine.

You would think now all would be right with the world.

But…..

When we reboot or cold start the server, the group mappings are all gone. Even though when we use the “net groupmap” command and it returns with “db updated”, it’s lying through it’s teeth.

The data seems to be retained in a temp file or cache somewhere and not actually written out to the “db”. What is interesting is that you can do a “net groupmap list” or “net group” and you get a list of any ntgroups you added or mappings you made complete with SID’s.

Just don’t reboot the server!

[Anonymous]

What you say about the use of a “startup” item may be true, but it should not be necessary.

If using “net groupmap add” returns with a statement that “the db was updated” then the mapping should have been written to the database file and be retained until changed. And you should be able to boot that server until the cows come home and have that info available.

As near as I can tell, the information should be written to the “group_mapping.tdb”, but that file is not being modified. It retains the original date and time stamp from Apple and the contents do not get added to.

What compounds the problem is that the documentation is out of date. The samba how-to included with OS X 10.3 has directions on using “groupadd” but that utility is not installed, other web references refer to “smbgroupedit”, but again not installed. And other references go with “smbldap-groupadd”. All appear to have been superceded by “net groupmap”.

I am going to attempt to use the older smbldap-groupadd tool on my test server to see if it can actually write to the database.

[Signguy]

Did you get this issue resolved?

[Author]

Posts