Samba problems?

[Eddie Lania]

Hello all,

I am still fighting with samba 3.0 and ldap.

I have been able to solve my problem(s) about users and their
primairyGroupId.
My solution was to add the gid of the group to the group_mapping.tdb with
smbgroupedit:

/usr/local/samba/bin/smbgroupedit -a 200 -n domadm -td

Now, the sid of the group (including the group-rid 1401) is properly being
displayed with the command:

/usr/local/samba/bin/smbgroupedit -vs

I also added this group to /etc/group and made user "eddie" a member of it:

domadm:x:200:eddie

But this all confuses me a bit. Why are all the sids, rids, gids, etc not
being read from the ldap tree?
All my groups, users and member defenitions are allready stored in there.
Because I have to add the groups to the /etc/group file, it almost looks to
me now that using ldap in this case is useless.

When ldap is used, then I think that normally account management should be
done in there, right?
And not in my /etc/group file.

I compiled samba with the following options:

./configure --sbindir=/usr/local/samba/bin --with-logfilebase=/var/log/samba
3 --with-smbmount --with-pam --with-acl-support

Maybe I should compile with other configure options?
(the --with-ldapsam is gone, so that is why I use --with-pam now, or else
swat won't work.)

Do we have to add all the relevant groups (like Administrators, Users,
Guests) to the group_mapping.tdb also?
Their sids and rids aren't in there by default.
(I tried this allready, and now the groups Users, Administrators and Guests
appear twice on a XP workstation, this does not seem to be proper behaviour
to me)
And do we also still need to map the Domain Admins, Users and Guests groups
to the (local) unix groups?


Please technicals, I (we) need more info on this!

With many thanks for a reply,

Eddie.


> I have just been playing around with this myself.
>
> It should also be noted that the primaryGroupID needs to be the RID of the
Domain group, not the Unix gid.
>
> Is that correct?
>
> On Sun, 18 Aug 2002 04:07, Simo Sorce wrote:
> > On Sat, 2002-08-17 at 12:40, Andrew Bartlett wrote:
> > > > User "eddie" is in ldap with (uidNumber 500) and member of group
> > > > (Domain Users), primairyGroupID 1403.
> > > > This problem did not appear in 2.2.5 with ldapsam.
> > >
> > > We didn't have group support before now.  You need to make sure the
> > > primary group is listed in the group mapping tdb, using smbgroupedit.
> >
> > The group thing is pretty new and many do not know much about it.
> > Maybe we can add anotice to show up in smbpasswd when you add a user
> > without a 'know' primary group?