LDAP group entries for PDC code
Kevin Myer
kevin_myer at elanco.k12.pa.us
Thu Jun 3 13:57:02 GMT 1999
Hi,
I am using the HEAD CVS code and sort of have a working Samba controlled
PDC using an LDAP backend. I'm running into a few problems now with
accounts where my credentials bind correctly (username and password) BUT I
don't have the proper access level to do administrative stuff, like add
accounts or machines to a domain. I attempted to use some of the * group
map directives in smb.conf but they don't seem to be working properly and
I would ideally want the group info stored in my LDAP directory. Maybe
someone can point out where I am going wrong or provide a pointer to the
schema used for LDAP NT group storage (if such a schema exists).
From smb.conf:
domain group map = /usr/local/samba/lib/domaingroup.map
domain user map = /usr/local/samba/lib/domainuser.map
local group map = /usr/local/samba/lib/localgroup.map
From the above listed files:
domaingroup.map
adm="Domain Admins"
domainuser.map
myer=Administrator
localgroup.map
adm=BUILTIN/Administrators
My LDAP entry is the following:
dn: uid=myer, ou=People, dc=elanco,dc=k12,dc=pa,dc=us
acctflags: [U ]
ntuid: Administrator
sn: myer
userpassword: XXXXXXXXXXXXXXX
uid: myer
pwdlastset: 375429B1
ntpassword: F61126DD1F698B2935E786651502232A
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
objectclass: account
objectclass: posixAccount
objectclass: sambaAccount
loginshell: /bin/bash
lmpassword: FD62318BDA473A4A17306D272A9441BB
rid: 500
cn: myer
grouprid: 1
mail: myer at elanco.k12.pa.us
uidnumber: 500
gidnumber: 101
homedirectory: /home/myer
krbname: myer at ELANCO.K12.PA.US
--
~ Kevin M. Myer
. . Network/System Administrator
/V\ ELANCO School District
// \
/( )\
^`~'^