[Samba] Group Mapping Problems with Samba 3.0.2a & OpenLDAP 2.2.6
Chris Slack
christopher.slack at mercyships.org
Mon Mar 15 13:58:34 GMT 2004
Hello all,
I am attempting to set up a Samba 3.0.2a based PDC using OpenLDAP 2.2.6 for
my user/group authentication backend. So far everything seems to be working
properly: I can join the domain from a Win2k PC, log in via an account
created with smbldap-useradd.pl, map my home directory, run the proper login
script, etc. However, with all of that working I'm still having
difficulties getting group mapping to work.
I've run through the steps in the Samba HOWTO manual and tried everything
else I could find on the web but I'm stumped at this point.
When I type:
    net groupmap list
I get nothing. When I type:
    net groupmap add rid=512 ntgroup="Domain Admins" unixgroup="Domain Admins"
I get the message "adding entry for group Domain Admins failed!". I've
tried several permutations of this using different groups, I've tried adding
groups to the local /etc/group file to see if it was having an issue with
LDAP, but nothing seems to help. I can't seem to find anyone else who has
had this problem and like I said, everything else is working fine. Attached
to the bottom of this message is a dump from testparm with the details of my
/etc/samba/smb.conf file.
Please let me know if anyone can give me any suggestions.
Thanks,
Chris Slack
IT System Administrator
Mercy Ships
M/V Anastasis - Currently docked in Freetown, Sierra Leone, West Africa
www.mercyships.org
----------------------------------------------------------------------------
[root@herm2 /etc]# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[nobody]"
Processing section "[netlogon]"
Processing section "[Profiles]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

# Global parameters
[global]
    workgroup = CHANNEL
    server string = Samba Server
    null passwords = Yes
    passdb backend = ldapsam:ldap://127.0.0.1/
    passwd program = /usr/local/sbin/smbldap-passwd.pl -o %u
    passwd chat = *New*password* %n\n *ReType*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
    unix password sync = Yes
    log file = /var/log/samba/log.%m
    max log size = 50
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    add user script = /usr/local/sbin/smbldap-useradd.pl -m -d /dev/null -g 553 -s /bin/false %u
    add machine script = /usr/local/sbin/smbldap-useradd.pl -m -d /dev/null -g 553 -s /bin/false %u
    logon script = login.js
    logon path = \\%L\Profiles\%U
    logon drive = X:
    domain logons = Yes
    os level = 64
    preferred master = Yes
    domain master = Yes
    dns proxy = No
    wins support = Yes
    ldap port = 389
    ldap suffix = "ou=MSAN,dc=ana,dc=mercyships,dc=org"
    ldap admin dn = "cn=Manager,dc=ana,dc=mercyships,dc=org"
    ldap ssl = no

[homes]
    comment = Home Directories
    read only = No
    browseable = No

[nobody]
    comment = to prevent from user nobody from having a home share
    path = /dev/null
    browseable = No

[netlogon]
    comment = Network Logon Service
    path = /msu/netlogon
    browseable = No
    share modes = No
    root preexec = /usr/local/bin/mkuserconfig.pl %U
    root postexec = rm /msu/netlogon/%U.conf

[Profiles]
    path = /msu1/Profiles
    read only = No
    create mask = 0600
    directory mask = 0700
    guest ok = Yes
    browseable = No