[Samba] groupmap + ldapsam questions

John H Terpstra jht at Samba.Org
Tue Nov 9 19:01:22 GMT 2004


Etienne,

Please refer to the "Samba-3 by Example" book Chapters 5 and 6 for detailed 
worked examples of how to use Samba-3 with LDAP. You can download the latest 
version of this book from: http://www.samba.org/samba/docs/Samba-Guide.pdf

When you have it all figured out, please send me your patches to help make the 
Samba-HOWTO-Collection much clearer. We very much appreciate user 
contributions as we believe that the knowledge of the masses makes Samba a 
better proposition.

I apologize for any lack of clarity in the Samba-HOWTO-Collection - but do 
point out that it is a "green" document. This means it is constantly updated 
as I receive tips, suggestions and, in particular, contributions. The 
latest version can be found on the Samba web site as:
http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf

I look forward to your assistance to make Samba a better product.

Cheers,
John T.

On Tuesday 09 November 2004 11:37, Etienne Goyer wrote:
> Hi,
>
> Two questions regarding the use of group map combined with ldapsam.
>
> First, the Official HOWTO is relatively unclear about what needs to be
> done wrt group map when using ldapsam.  It states it is the
> responsibility of the admin to add the group map to the ldap backend,
> but nothing else.  What needs to be in an LDAP groupmap object ?  I tried
> the following LDIF, and it seems to work using "net groupmap list" :
>
> # Domain Users, Group, domain.com
> dn: displayName=Domain Users,ou=Group,dc=domain,dc=com
> objectClass: sambaSidEntry
> objectClass: sambaGroupMapping
> gidNumber: 100
> description: Netbios Domain Users
> sambaSID: S-1-5-21-3952100455-2014430628-1234567890-513
> sambaGroupType: 2
> displayName: Domain Users
>
> Notice that the object is not of objectClass posixAccount.  Also note
> that the gidNumber is the one of the "users" group, defined in
> /etc/group.  Similarly, I want to map the "Domain Guests" group to Unix
> group nobody, and "Domain Admins" to group root.  Are there implications
> I should be aware of ?  Any better way to achieve similar results ?
>
>
> Also, I can list group map with "net groupmap list", but I fail to add
> any groupmap.  Example :
>
> [root at server root]# net groupmap add ntgroup=blah unixgroup=wheel
> No rid or sid specified, choosing algorithmic mapping
> adding entry for group blah failed!
>
> Logs are silent.  How come ?  Are we supposed to manage the group map
> at the LDAP level, and forego the use of "net groupmap" for this purpose?
>
> Thanks very much for your input !
>
> Etienne Goyer

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
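
Added example, not part of the original thread and not Samba code: a Python check of a sambaGroupMapping LDIF entry like the one in the quoted question, run before loading it into the directory. It assumes the stock samba.schema (gidNumber, sambaSID and sambaGroupType required), the well-known domain RIDs 512/513/514, and that gid 0 is the root group; the function names are hypothetical.

```python
import re

# Constructed sample: the entry from the quoted question, comment line dropped.
SAMPLE_LDIF = """\
dn: displayName=Domain Users,ou=Group,dc=domain,dc=com
objectClass: sambaSidEntry
objectClass: sambaGroupMapping
gidNumber: 100
description: Netbios Domain Users
sambaSID: S-1-5-21-3952100455-2014430628-1234567890-513
sambaGroupType: 2
displayName: Domain Users
"""

# Assumption: attributes the stock samba.schema marks MUST for sambaGroupMapping.
REQUIRED = ("gidNumber", "sambaSID", "sambaGroupType")
WELL_KNOWN_RIDS = {512: "Domain Admins", 513: "Domain Users", 514: "Domain Guests"}
DOMAIN_SID = re.compile(r"^S-1-5-21-\d+-\d+-\d+-(\d+)$")

def parse_entry(ldif):
    """Parse one unfolded, non-base64 LDIF entry into {attr_lower: [values]}."""
    entry = {}
    for line in ldif.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entry

def check_groupmap(entry):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    classes = [c.lower() for c in entry.get("objectclass", [])]
    if "sambagroupmapping" not in classes:
        findings.append("objectClass sambaGroupMapping missing")
    findings += [f"required attribute {a} missing"
                 for a in REQUIRED if a.lower() not in entry]
    if findings:  # structural problems first; value checks need the attributes
        return findings
    m = DOMAIN_SID.match(entry["sambasid"][0])
    if not m:
        findings.append("sambaSID is not a domain SID (S-1-5-21-x-y-z-RID)")
    else:
        expected = WELL_KNOWN_RIDS.get(int(m.group(1)))
        name = entry.get("displayname", [""])[0]
        if expected and name != expected:
            findings.append(f"RID {m.group(1)} is {expected}, entry says {name!r}")
    if entry["gidnumber"][0] == "0":
        findings.append("gidNumber 0 maps this group to the Unix root group; review")
    return findings
```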

