Samba 3.0a20+LDAP-backend group-builit and mapping questions
Ignacio Coupeau
icoupeau at unav.es
Wed Oct 2 12:02:00 GMT 2002
I'm been playing with the groups and LDAP (passdb backend) and found two
problems:
1. When -as local admin in a XP domain member ws-, from the
administrative tools (control pannel) I select "add a group" an ldap
search is performed, like:
> ldapsam_search_one_user: searching
> for:[(&(uid=Administrators)(objectclass=sambaAccount))]
I have the groups defined in samba-pdc and several maps also:
> bin/smbgroupedit -l | grep -A 1 Admin
> Administrators
> SID : S-1-5-32-544
> --
> Domain Admins
> SID : S-1-5-21-298858960-1863792627-3661451959-512
> -
and the groups don't be found at all (nor builtin nor defined). Of
course, if I provide an user present in the ldap base, is added
perfectly. This issue is only with (domain, non-local) groups.
2. After intend to add a new group in XP from the domain, all the
database are searched:
> base="o=smb,dc=unav,dc=es" scope=2 filter="(&(uid=*)(objectClass=sambaAccount))"
> ... and enumerated:
> [2002/10/03 00:27:05, 2] passdb/pdb_ldap.c:ldapsam_setsampwent(1218)
> ldapsam_setsampwent: 27303 entries in the base!
(BTW: I selected "Group" no "Group and users" in the object class to
search from XP).
Is this a know issue?
if so, Some link?
Note: the PDC has pam and nsswitch for unix accounting.
Thanks,
Ignacio
--
____________________________________________________
Ignacio Coupeau, Ph.D. e-mail: icoupeau at unav.es
CTI, Director fax: 948 425619
University of Navarra voice: 948 425600
Pamplona, SPAIN http://www.unav.es/cti/
More information about the samba-technical
mailing list