Mapping NT groups to UNIX groups when using Samba

by Jerry Winegarden, revised 10/12/04

When using samba, if you create users groups on the Linux side, you must map them to NT groups. This is done with the "net groupmap" command. If you get error messages in /var/log/messages like:

yourserver smbd[4786]:  get_domain_user_groups: primary gid of user
[auser] is not a Domain group !
yourserver smbd[4786]:  get_domain_user_grups: You should fix it, NT
doesn't like that


You fix this by typing something like this:

(assuming in this example you have a group called "student")

net groupmap add ntgroup="student" unixgroup="student"

You list the ntgroup mappings by:

net groupmap list

If you create a separate student login for each machine (e.g. student1,...,student20, with the account "student" also created), then modify the primary group for each of these studentN accounts:


usermod -g student student1


You should see the following 2 entries in /etc/passwd
(grep student /etc/passwd)

student:x:501:501::/home/student:/bin/bash
student1:x:530:501::/home/student1:/bin/bash


and /etc/group should have two equivalent lines:

student:x:501:student1,student2,...,student20
student1:x:530: