[Samba] Group Mapping Problems with Samba 3.0.2a & OpenLDAP 2.2.6

Chris Slack christopher.slack at mercyships.org
Tue Mar 16 09:17:21 GMT 2004


Hi Clint,

Actually just your comment in there that I didn't have an LDAP group suffix
set in my smb.conf file solved my problem, turns out that I needed to set my
user, group, and machine suffixes in order for it to work properly, so I
just added/modified the following lines:

   ldap suffix = dc=ana,dc=mercyships,dc=org
   ldap user suffix = ou=MSAN
   ldap group suffix = ou=MSAN_G
   ldap machine suffix = ou=MSAN_C

and now it works great.  Thanks for the help!

Chris

Chris Slack
IT System Administrator
Mercy Ships
M/V Anastasis - Currently docked in Freetown, Sierra Leone, West Africa
www.mercyships.org


-----Original Message-----
From: Clint Sharp [mailto:clint at typhoon.org]
Sent: 15 March 2004 21:52
To: Chris Slack
Cc: samba at lists.samba.org
Subject: Re: [Samba] Group Mapping Problems with Samba 3.0.2a & OpenLDAP 2.2.6


On Mon, 15 Mar 2004, Chris Slack wrote:

> Hello all,
>
> I am attempting to set up a Samba 3.0.2a based PDC using OpenLDAP 2.2.6 for
> my user/group authentication backend.  So far everything seems to be working
> properly, I can join the domain from a Win2k PC, login via an account
> created with smbldap-useradd.pl, map my home directory, run the proper login
> script, etc.  However, with all of that working I'm still having
> difficulties getting group mapping to work.
>
> I've run through the steps in the Samba HOWTO manual and tried everything
> else I could find on the web but I'm stumped at this point.
>
> When I type:
>
>     net groupmap list
>
> I get nothing, when I type:
>
>     net groupmap add rid=512 ntgroup="Domain Admins" unixgroup="Domain Admins"
>
> I get the message "adding entry for group Domain Admins failed!".  I've
> tried several permutations of this using different groups, I've tried adding
> groups to the local /etc/group file to see if it was having an issue with
> LDAP, but nothing seems to help.  I can't seem to find anyone else who has
> had this problem and like I said, everything else is working fine.  Attached
> to the bottom of this message is a dump from testparm with the details of my
> /etc/samba/smb.conf file.
>
> Please let me know if anyone can give me any suggestions.
>
> Thanks,
>
> Chris Slack
> IT System Administrator
> Mercy Ships
> M/V Anastasis - Currently docked in Freetown, Sierra Leone, West Africa
> www.mercyships.org
>

Chris,

What do your LDAP logs show samba is sending as the queries?  In the past
when I've had this problem it was related to my ldap suffix.  User queries
worked, but group queries did not (I had groups in a separate ou from
users).  However, your user and group suffixes are not set in your
smb.conf, so it's not the exact same problem I had.  Please send me the
output from a:

net -d3 groupmap list

Clint
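
Added example, not part of the original thread: a small Python check that reads the [global] section of an smb.conf and prints the LDAP base each suffix setting resolves to. It assumes the behaviour documented in smb.conf(5) for Samba 3.0, where the user, group and machine suffixes are partial DNs prepended to "ldap suffix" and an unset one falls back to "ldap suffix"; the sample file is constructed from the values in Chris's reply, and the function names and the workgroup value are hypothetical.

```python
# Added example: resolve the LDAP bases configured in smb.conf [global].
# SAMPLE_SMB_CONF is constructed; the ldap values come from the thread above.
SAMPLE_SMB_CONF = """\
[global]
   workgroup = EXAMPLE
   ldap suffix = dc=ana,dc=mercyships,dc=org
   ldap user suffix = ou=MSAN
   ldap group suffix = ou=MSAN_G
   ldap machine suffix = ou=MSAN_C
"""

SUB_SUFFIXES = ("ldap user suffix", "ldap group suffix", "ldap machine suffix")


def parse_global(text):
    """Return the [global] parameters as a dict keyed by normalised name."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # Normalise case and runs of spaces so lookups match.
            params[" ".join(key.lower().split())] = value.strip()
    return params


def effective_bases(params):
    """Map each sub-suffix to (base DN, True if it was set explicitly)."""
    base = params.get("ldap suffix", "")
    result = {}
    for name in SUB_SUFFIXES:
        part = params.get(name, "")
        if part:
            # Assumed rule: partial DN is prepended to the main suffix.
            result[name] = (f"{part},{base}" if base else part, True)
        else:
            # Assumed rule: an unset sub-suffix falls back to ldap suffix.
            result[name] = (base, False)
    return result


if __name__ == "__main__":
    bases = effective_bases(parse_global(SAMPLE_SMB_CONF))
    for name, (dn, explicit) in bases.items():
        note = "" if explicit else "  (unset: falls back to ldap suffix)"
        print(f"{name:20} -> {dn}{note}")
```

Comparing the printed bases with the DNs that actually hold the group entries, and with the search bases in the LDAP server's query log, shows whether Samba is looking in the container you expect.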


