[Samba] User Multiple Groups in Standalone Mode with LDAP Backend
Nelson Vale
nf-vale at critical-links.com
Mon Dec 3 19:23:35 GMT 2007
Hi,
I have Samba 3.0.24 installed and running on my Linux (Debian-like) system as
a (PDC) Standalone Server with an LDAP backend.
The problem that I'm facing is that I want to have users belonging to multiple
(LDAP) groups.
My LDAP user ldif is like:

# user1, People, local.loc
dn: uid=user1,ou=xxxxx,dc=xxxxx
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
uidNumber: 1501
gidNumber: 1000
cn: user1
uid: user1
homeDirectory: /home/users/user1
loginShell: /bin/bash
sn: user1
sambaSID: S-1-5-21-399272150-696482500-2462376985-1501
sambaPrimaryGroupSID: S-1-5-21-399272150-696482500-2462376985-1000
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 1
sambaAcctFlags: [U]
sambaLMPassword: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
sambaNTPassword: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

and my groups ldif is like (I'm using rfc2307bis schema for this with
compatible nss-ldap):

dn: cn=group1,ou=Groups,dc=xxxx,dc=xxxx
objectClass: posixGroup
objectClass: groupOfNames
objectClass: top
cn: group1
gidNumber: 1000
member: uid=userx,ou=xxxxx,dc=xxxx,dc=xxxx
member: uid=usery,ou=xxxxx,dc=xxxx,dc=xxxx
memberUid: userx
memberUid: usery

dn: cn=group2,ou=Groups,dc=xxxx,dc=xxxx
objectClass: posixGroup
objectClass: groupOfNames
objectClass: top
cn: group2
gidNumber: 1001
member: uid=userx,ou=xxxxx,dc=xxxx,dc=xxxx
memberUid: userx

The Samba configuration file is like:

...
ldap user suffix = ou=xxxxx
idmap gid = 10000-20000
ldap password sync = yes
logon drive = z:
domain master = yes
passdb backend = ldapsam:ldap://127.0.0.1
wins proxy = no
wins support = yes
ldap delete dn = Yes
ldap machine suffix = ou=Computers
ldap group suffix = ou=Groups
idmap uid = 10000-20000
ldap suffix = dc=xxxx,dc=xxxx
local master = yes
workgroup = SAMBASERVER
ldap admin dn = cn=xxxxxxxxxxxx,ou=xxxxx,dc=xxxx,dc=xxxx
security = user
preferred master = yes
ldap idmap suffix = ou=Idmap
...

This is all working well and if I do "id userx" I get all the groups the user
belongs to.

My problem is that Samba is not getting all the groups that a user belongs to. In fact
I'm only getting the group that is defined in the sambaPrimaryGroupSID, so
I'm wondering whether I'm missing something; I just don't know what.

What can I do to make Samba get all groups that a user belongs to?