e.lania at elton.nl
Fri Aug 23 00:46:00 GMT 2002
I am still fighting with samba 3.0 and ldap.
I have been able to solve my problem(s) about users and their
My solution was to add the gid of the group to the group_mapping.tdb with
/usr/local/samba/bin/smbgroupedit -a 200 -n domadm -td
Now, the sid of the group (including the group-rid 1401) is properly being
displayed with the command:
I also added this group to /etc/group and made user "eddie" a member of it:
But this all confuses me a bit. Why are all the sids, rids, gids, etc not
being read from the ldap tree?
All my groups, users and member definitions are already stored in there.
Because I have to add the groups to the /etc/group file, it almost looks to
me now that using ldap in this case is useless.
When ldap is used, then I think that normally account management should be
done in there, right?
And not in my /etc/group file.
I compiled samba with the following options:
./configure --sbindir=/usr/local/samba/bin --with-logfilebase=/var/log/samba3 --with-smbmount --with-pam --with-acl-support
Maybe I should compile with other configure options?
(the --with-ldapsam is gone, so that is why I use --with-pam now, or else
swat won't work.)
Do we have to add all the relevant groups (like Administrators, Users,
Guests) to the group_mapping.tdb also?
Their sids and rids aren't in there by default.
(I tried this already, and now the groups Users, Administrators and Guests
appear twice on an XP workstation; this does not seem to be proper behaviour.)
And do we also still need to map the Domain Admins, Users and Guests groups
to the (local) unix groups?
Please technicals, I (we) need more info on this!
With many thanks for a reply,
> I have just been playing around with this myself.
> It should also be noted that the primaryGroupID needs to be the RID of the
> Domain group, not the Unix gid.
> Is that correct?
> On Sun, 18 Aug 2002 04:07, Simo Sorce wrote:
> > On Sat, 2002-08-17 at 12:40, Andrew Bartlett wrote:
> > > > User "eddie" is in ldap with (uidNumber 500) and member of group
> > > > (Domain Users), primaryGroupID 1403.
> > > > This problem did not appear in 2.2.5 with ldapsam.
> > >
> > > We didn't have group support before now. You need to make sure the
> > > primary group is listed in the group mapping tdb, using smbgroupedit.
> > The group thing is pretty new and many do not know much about it.
> > Maybe we can add a notice to show up in smbpasswd when you add a user
> > without a 'known' primary group?