LDAP: Administrator/Groups/RID

Martin Hofbauer Bacher Systems EDV mh at bacher.at
Fri Jan 15 23:39:18 GMT 1999


Sorry !


I found the solution going through the archive:
(The long long "Mapping of RIDs to uid_t and gid_t" thread )

RID for Administrator = 500
Group_RID f. Admins   = 544

and it worked for login

I think now I am in the Domain Admin group, but not in the Local Admin
Group ( can not modify local Users with the User-Manager f. NT WKS )

Is this correct ?

So , how should domain group mapping be done with LDAP ?
(  ldap ? files ? ldap and files ? )

-------------------------------------------------------------------
Martin Hofbauer                                       IT-Consulting
phone : +43 (1) 60 126-34                   Bacher Systems EDV GmbH
fax   : +43 (1) 60 126-4                         Wienerbergstr. 11B
e-mail: mh at bacher.at                         A-1101 Vienna, Austria
--

On Sat, 16 Jan 1999, Martin Hofbauer Bacher Systems EDV wrote:

> 
> Today I continued testing the LDAP/PDC functionality;
> 
> I succeeded joining the domain and login with an LDAP User !!!!!!
> 
> Problems:
> 	With the Administrator ( mapped to uid=sadmin,ntuid=Administrator)
> 	login is rejected with NT Client Error
> 	(C0000250). Password is ok, because if I add a different password
> 	
> 	here is the ldap record:
> 
> dn: cn=Super User,ou=People,ou=Zentrale,o=ACG,c=AT
>  uid: sadmin
>  nickname: sadmin
>  userpassword: {crypt}kW09aUFbp4zvs
>  objectclass: top
>  objectclass: person
>  objectclass: organizationalPerson
>  objectclass: inetOrgPerson
>  objectclass: emailPerson
>  objectclass: sambaAccount
>  ou: Zentrale
>  cn: Super User
>  uidnumber: 0
>  gidnumber: 1
>  ntuid: Administrator
>  homedrive: H:
>  script: scripts\sadmin.bat
>  smbhome: sadmin
>  profile: sadmin\profile
>  rid: 0
>  grouprid: 1
>  workstations: seppi
>  pwdcanchange: 367ECAD3
>  pwdmustchange: 967ECAD3
>  logontime: 111
>  logofftime: 111
>  kickofftime: 111
>  lmpassword: 14875687C26E8C2990004151ADA7B438
>  ntpassword: E735EDF15BD6D35F6187C8DEC377D561
>  pwdlastset: 369FAA9F
>  acctflags: [U          ]
> -------------
> 
> 	My Problem: Due to my lack of NT PDC knowledge,
> 	I have no idea what I have to set to
> 	rid, group_rid,( *time values) .
> 
> My normal user( who's LDAP login is working) has UNIX UID 6000 and RID
> 6000, too, 
> 
> 	The last thing I can see in the log files is a ldap
> 	search to (member=ADMINISTRATOR,*)(objectclass=SAMBAGROUP)
> 
> 	What about the objectclass SAMBAGROUP ?
> 	What are the attributes ?
> 
> -------------------------------------------------------------------
> Martin Hofbauer                                       IT-Consulting
> phone : +43 (1) 60 126-34                   Bacher Systems EDV GmbH
> fax   : +43 (1) 60 126-4                         Wienerbergstr. 11B
> e-mail: mh at bacher.at                         A-1101 Vienna, Austria
> --
> 



More information about the samba-technical mailing list