[Samba] Re: LDAP: strange "net groupmap" behaviour
Igor Belyi
sambauser at katehok.ac93.org
Wed Oct 27 12:02:09 GMT 2004
For those who may also look into this problem.
1. This problem is on FreeBSD 4.10 (read - without NSS!)
2. UNIX groups and accounts are kept locally (not in LDAP) whereas Samba
is configured to use LDAP.
3. gidNumber=4294967295 is the same as 0xFFFFFFFF which is (unsigned
int)-1 and Samba's attempt to look for a group with this gid may
indicate an incorrect check for an error in the code.
Let's do it together, shall we? :)
Igor
Igor Belyi wrote:
> Ilia Chipitsine wrote:
>
>> Dear Sirs,
>>
>> I did the following command (against ldapsam backend):
>>
>> net groupmap add rid=3002 unixgroup=wheel type=local
>> ntgroup=Marketoids comment=Mm -d 10
>>
>> I just wanted to add a new group. But instead of that I saw many-many-many
>> records:
>>
>> lib/smbldap.c:smbldap_search(963)
>> passdb/pdb_ldap.c:ldapsam_getgroup(2008)
>>
>> they all wanted to find a group with gidNumber=4294967295, yes, sure,
>> there's no such group. I didn't mean to find that group, I just meant
>> to add a new one. What's wrong?
>
>
> 'net groupmap' is used to map a Domain group SID to an existing UNIX group.
> If you want to create a UNIX group in LDAP you may want to use the smbldap
> tools: /usr/local/sbin/smbldap-groupadd.pl <group name>
> To add a group and a mapping use the '-a' option with the smbldap-groupadd.pl
> script.
> To add groups and a mapping via the 'net group add' command or with
> the usrmgr.exe Windows utility, add the following line to your smb.conf:
> add group script = /usr/local/sbin/smbldap-groupadd.pl -p "%g"
>
> Please read the Samba docs.
> Hope it helps,
> Igor
>
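
The failure mode suggested in point 3, as an added example that is not part of the original message and is not Samba's code: a name-to-gid lookup that returns (gid_t)-1 on failure, with one caller that formats the sentinel into an LDAP filter and one that checks it first. The group table and the names name_to_gid, build_filter_unchecked and build_filter_checked are hypothetical, and a 32-bit gid_t is assumed.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Constructed stand-in for the local group file; not read from the system. */
struct group_entry { const char *name; gid_t gid; };
static const struct group_entry local_groups[] = { { "wheel", 0 }, { "staff", 20 } };

/* Hypothetical resolver: (gid_t)-1 means "no such group". */
static gid_t name_to_gid(const char *name)
{
    size_t i;
    for (i = 0; i < sizeof(local_groups) / sizeof(local_groups[0]); i++)
        if (strcmp(local_groups[i].name, name) == 0)
            return local_groups[i].gid;
    return (gid_t)-1;
}

/* Unchecked caller: the failure sentinel is formatted into the filter. */
static int build_filter_unchecked(const char *name, char *out, size_t len)
{
    gid_t gid = name_to_gid(name);
    snprintf(out, len, "(gidNumber=%u)", (unsigned int)gid);
    return 0;
}

/* Checked caller: compare against (gid_t)-1, not against 0 (gid 0 is valid). */
static int build_filter_checked(const char *name, char *out, size_t len)
{
    gid_t gid = name_to_gid(name);
    if (gid == (gid_t)-1) {
        out[0] = '\0';
        return -1;              /* report the failed lookup, issue no search */
    }
    snprintf(out, len, "(gidNumber=%u)", (unsigned int)gid);
    return 0;
}

int main(void)
{
    char buf[64];
    build_filter_unchecked("nosuchgroup", buf, sizeof(buf));
    printf("unchecked: %s\n", buf);
    if (build_filter_checked("nosuchgroup", buf, sizeof(buf)) != 0)
        printf("checked:   lookup failed, no filter built\n");
    build_filter_checked("wheel", buf, sizeof(buf));
    printf("checked:   %s\n", buf);
    return 0;
}
```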