LDAP: Administrator/Groups/RID
Martin Hofbauer Bacher Systems EDV
mh at bacher.at
Fri Jan 15 23:39:18 GMT 1999
Sorry !
I found the solution going through the archive:
(The long long "Mapping of RIDs to uid_t and gid_t" thread )
RID for Administrator = 500
Group_RID f. Admins = 544
and it worked for login
I think now I am in the Domain Admin group, but not in the Local Admin
Group ( can not modify local Users with the User-Manager f. NT WKS )
Is this correct ?
So , how should domain group mapping be done with LDAP ?
( ldap ? files ? ldap and files ? )
-------------------------------------------------------------------
Martin Hofbauer IT-Consulting
phone : +43 (1) 60 126-34 Bacher Systems EDV GmbH
fax : +43 (1) 60 126-4 Wienerbergstr. 11B
e-mail: mh at bacher.at A-1101 Vienna, Austria
--
On Sat, 16 Jan 1999, Martin Hofbauer Bacher Systems EDV wrote:
>
> Today I continued testing the LDAP/PDC functionality;
>
> I succeeded joining the domain and login with an LDAP User !!!!!!
>
> Problems:
> With the Administrator ( mapped to uid=sadmin,ntuid=Administrator)
> login is rejected with NT Client Error
> (C0000250). Password is ok, because if I add a different password
>
> here is the ldap record:
>
> dn: cn=Super User,ou=People,ou=Zentrale,o=ACG,c=AT
> uid: sadmin
> nickname: sadmin
> userpassword: {crypt}kW09aUFbp4zvs
> objectclass: top
> objectclass: person
> objectclass: organizationalPerson
> objectclass: inetOrgPerson
> objectclass: emailPerson
> objectclass: sambaAccount
> ou: Zentrale
> cn: Super User
> uidnumber: 0
> gidnumber: 1
> ntuid: Administrator
> homedrive: H:
> script: scripts\sadmin.bat
> smbhome: sadmin
> profile: sadmin\profile
> rid: 0
> grouprid: 1
> workstations: seppi
> pwdcanchange: 367ECAD3
> pwdmustchange: 967ECAD3
> logontime: 111
> logofftime: 111
> kickofftime: 111
> lmpassword: 14875687C26E8C2990004151ADA7B438
> ntpassword: E735EDF15BD6D35F6187C8DEC377D561
> pwdlastset: 369FAA9F
> acctflags: [U ]
> -------------
>
> My Problem: Due to my lack of NT PDC knowledge,
> I have no idea what I have to set to
> rid, group_rid,( *time values) .
>
> My normal user( who's LDAP login is working) has UNIX UID 6000 and RID
> 6000, too,
>
> The last thing I can see in the log files is a ldap
> search to (member=ADMINISTRATOR,*)(objectclass=SAMBAGROUP)
>
> What about the objectclass SAMBAGROUP ?
> What are the attributes ?
>
> -------------------------------------------------------------------
> Martin Hofbauer IT-Consulting
> phone : +43 (1) 60 126-34 Bacher Systems EDV GmbH
> fax : +43 (1) 60 126-4 Wienerbergstr. 11B
> e-mail: mh at bacher.at A-1101 Vienna, Austria
> --
>
More information about the samba-technical
mailing list