Groups with Samba+LDAP PDC: schema, help needed
Kevin Myer
kevin_myer at elanco.k12.pa.us
Tue Jun 29 15:22:49 GMT 1999
On Tue, 29 Jun 1999, Charles Owens wrote:
> Anyone have the sambaGroup LDAP schema handy? I'm currently trying to
> figure it out from what the slapd logs are saying... not sure if I'm
> getting anywhere.
I am not sure how close I am to having the right thing but it sort of kind
of maybe works for me :)

Some comments:

The following entry will automatically be created the first time you
attempt to do anything LDAP based with Samba (probably best to chop it
out of the LDIF file):

dn: id=root, ou=Samba, dc=elanco,dc=k12,dc=pa,dc=us
nextrid: 3f7
objectclass: sambaConfig
id: root

So do something with Samba/LDAP and get that entry created. Then import
the remaining stuff in the LDIF file (of course
s/dc=elanco,dc=k12,dc=pa,dc=us/dc=your domain setup/). Now try logging in
and see if domain accounts show up properly.

The groups are what I've been able to figure out from looking at the
source and at Microsoft's documentation for RID's and SID's. I am sure
there are areas where I haven't included accounts in a group or made a
user a member of a group but I've been adding them as I figure it out.

HTH.

Kevin
--
~ Kevin M. Myer
. . Network/System Administrator
/V\ ELANCO School District
// \
/( )\
^`~'^
-------------- next part --------------
dn: id=root, ou=Samba, dc=elanco,dc=k12,dc=pa,dc=us
nextrid: 3f7
objectclass: sambaConfig
id: root

dn: cn=Domain Admins, ou=Samba, dc=elanco,dc=k12,dc=pa,dc=us
member: Administrator,1f4,1
objectclass: sambaGroup
ntuid: Domain Admins
rid: 200
cn: Domain Admins

dn: cn=Domain Users, ou=Samba, dc=elanco,dc=k12,dc=pa,dc=us
objectclass: sambaGroup
ntuid: Domain Users
rid: 201
cn: Domain Users

dn: cn=Domain Guests, ou=Samba, dc=elanco,dc=k12,dc=pa,dc=us
objectclass: sambaGroup
ntuid: Domain Guests
rid: 202
cn: Domain Guests

dn: cn=Administrators, ou=Samba, dc=elanco,dc=k12,dc=pa,dc=us
description: Members can fully administer the computer/domain
sid: S-1-5-32-544
objectclass: sambaBuiltin
ntuid: Administrators
rid: 220
cn: Administrators

dn: cn=Users, ou=Samba, dc=elanco,dc=k12,dc=pa,dc=us
sid: S-1-5-32-545
objectclass: sambaBuiltin
ntuid: Users
rid: 221
cn: Users

dn: cn=Guests, ou=Samba, dc=elanco,dc=k12,dc=pa,dc=us
sid: S-1-5-32-546
objectclass: sambaBuiltin
ntuid: Guests
rid: 222
cn: Guests

dn: cn=Account Operators, ou=Samba, dc=elanco,dc=k12,dc=pa,dc=us
sid: S-1-5-32-548
objectclass: sambaBuiltin
ntuid: Account Operators
rid: 224
cn: Account Operators

dn: cn=Server Operators, ou=Samba, dc=elanco,dc=k12,dc=pa,dc=us
sid: S-1-5-32-549
objectclass: sambaBuiltin
ntuid: Server Operators
rid: 225
cn: Server Operators

dn: cn=Print Operators, ou=Samba, dc=elanco,dc=k12,dc=pa,dc=us
sid: S-1-5-32-550
objectclass: sambaBuiltin
ntuid: Print Operators
rid: 226
cn: Print Operators

dn: cn=Backup Operators, ou=Samba, dc=elanco,dc=k12,dc=pa,dc=us
sid: S-1-5-32-551
objectclass: sambaBuiltin
ntuid: Backup Operators
rid: 227
cn: Backup Operators

dn: cn=Replicator, ou=Samba, dc=elanco,dc=k12,dc=pa,dc=us
sid: S-1-5-32-552
objectclass: sambaBuiltin
ntuid: Replicator
rid: 228
cn: Replicator

dn: cn=Everyone, ou=Samba, dc=elanco,dc=k12,dc=pa,dc=us
sid: S-1-1-0
objectclass: sambaBuiltin
ntuid: Everyone
cn: Everyone

dn: cn=Network, ou=Samba, dc=elanco,dc=k12,dc=pa,dc=us
sid: S-1-5-2
objectclass: sambaBuiltin
ntuid: Network
cn: Network

dn: cn=Interactive, ou=Samba, dc=elanco,dc=k12,dc=pa,dc=us
sid: S-1-5-4
objectclass: sambaBuiltin
ntuid: Interactive
cn: Interactive

dn: cn=Authenticated Users, ou=Samba, dc=elanco,dc=k12,dc=pa,dc=us
sid: S-1-5-11
objectclass: sambaBuiltin
ntuid: Authenticated Users
cn: Authenticated Users
-------------- next part --------------
objectclass sambaAccount
    requires
        ObjectClass,
        uid,
        uidNumber,
        ntuid,
        rid
    allows
        gidNumber,
        grouprid,
        nickname,
        userpassword,
        ou,
        description,
        lmPassword,
        ntPassword,
        pwdLastSet,
        smbHome,
        homeDrive,
        script,
        profile,
        workstations,
        acctFlags,
        pwdCanChange,
        pwdMustChange,
        logonTime,
        logoffTime,
        kickoffTime

objectclass sambaGroup
    requires
        cn,
        rid
    allows
        description,
        member

objectclass sambaBuiltin
    requires
        cn,
        sid
    allows
        description,
        member
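
A sanity check for the rid values in the LDIF above, as an added example that is not part of the original post or of Samba. It assumes the rid attribute is hexadecimal (as the 1f4 and 3f7 values suggest), that a builtin group's RID is the last sub-authority of its sid, and that the file uses only simple "attr: value" lines; parse_ldif, check_rids and the dc=example,dc=org sample are names made up for illustration.

```python
WELL_KNOWN_DOMAIN_RIDS = {"Domain Admins": 512, "Domain Users": 513,
                          "Domain Guests": 514}  # decimal, per Microsoft docs

def parse_ldif(text):
    """Parse blank-line separated records of simple 'attr: value' lines."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def check_rids(entries):
    """Return (cn, problem) pairs for rids that contradict the sid or group name."""
    problems = []
    for e in entries:
        cn = e.get("cn", ["?"])[0]
        if "rid" not in e:
            continue  # Everyone, Network, etc. carry only a sid
        try:
            rid = int(e["rid"][0], 16)  # assumption: rid is hexadecimal
            if "sid" in e:  # builtin alias: last sub-authority is the RID
                expected = int(e["sid"][0].rsplit("-", 1)[1])
            else:
                expected = WELL_KNOWN_DOMAIN_RIDS.get(cn)
        except (ValueError, IndexError):
            problems.append((cn, "unparsable rid or sid"))
            continue
        if expected is not None and rid != expected:
            problems.append((cn, f"rid {rid} != expected {expected}"))
    return problems

# Constructed sample: one consistent entry and one deliberately wrong entry
# whose rid (200 hex = 512) is the Domain Admins RID instead of 550.
SAMPLE = """\
dn: cn=Domain Admins, ou=Samba, dc=example,dc=org
rid: 200
cn: Domain Admins

dn: cn=Print Operators, ou=Samba, dc=example,dc=org
sid: S-1-5-32-550
rid: 200
cn: Print Operators
"""

print(check_rids(parse_ldif(SAMPLE)))
```

Running the same check over a group LDIF before import catches an entry whose rid would map it onto a more privileged group.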