LDAP group entries for PDC code

Kevin Myer kevin_myer at elanco.k12.pa.us
Thu Jun 3 13:57:02 GMT 1999


I am using the HEAD CVS code and sort of have a working Samba controlled
PDC using an LDAP backend.  I'm running into a few problems now with
accounts where my credentials bind correctly (username and password) BUT I
don't have the proper access level to do administrative stuff, like add
accounts or machines to a domain.  I attempted to user some of the * group
map directives in smb.conf but they don't seem to be working properly and
I would ideally want the group info stored in my LDAP directory.  Maybe
someone can point out where I am going wrong or provide a pointer to the
schema used for LDAP NT group storage (if such a schema exists).

>From smb.conf:

domain group map = /usr/local/samba/lib/domaingroup.map
domain user map = /usr/local/samba/lib/domainuser.map
local group map = /usr/local/samba/lib/localgroup.map

>From the above listed files:


adm="Domain Admins"





My LDAP entry is the following:

dn: uid=myer, ou=People, dc=elanco,dc=k12,dc=pa,dc=us
acctflags: [U          ]
ntuid: Administrator
sn: myer
uid: myer
pwdlastset: 375429B1
ntpassword: F61126DD1F698B2935E786651502232A
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
objectclass: account
objectclass: posixAccount
objectclass: sambaAccount
loginshell: /bin/bash
lmpassword: FD62318BDA473A4A17306D272A9441BB
rid: 500
cn: myer
grouprid: 1
mail: myer at elanco.k12.pa.us
uidnumber: 500
gidnumber: 101
homedirectory: /home/myer
krbname: myer at ELANCO.K12.PA.US

     ~        Kevin M. Myer
    . .       Network/System Administrator
    /V\       ELANCO School District
   // \
  /(   )\

More information about the samba-ntdom mailing list