smbgroupedit and ldap groups?

Eddie Lania e.lania at
Fri Oct 4 08:12:01 GMT 2002

Hi list,

Please observe the case below:

I download, compile and install Samba 3.0 from cvs.
I am using ldap.
I have installed the nss_ldap package.
I have setup the pam and /etc/nsswitch.conf files as required.

Now, this is in the smbgroupedit man page:

> To give access to a certain directory on a domain member machine (an
>    NT/W2K or a samba server running winbind) to some users who are member
>    of a group on your samba PDC, flag that group as a domain group:
> root# smbgroupedit -a unixgroup -td

But what if the group I want to map as a domain group is the "Domain Admins"
group that is in the ldap database?
And I want current unix user(s) (in /etc/passwd and /etc/group) to be able
to become a member of the "Domain Users" or "Domain Admins" global groups?

I allready tried the given scenario's (mapping all groups as said in the
smbgroupedit man page and make certain users members of them, etc...), but
still no luck.
At this moment, when a user logs in, his/her primairy gid is still being
taken from the /etc/group file and so the user is not indentified as a
member of any domain group.

Also, the Windows NT UserManager (srvtools) for domains does not work (I
think because of this problem e.g. the user is not indentified as a "Domain
The only time I was able to use the NT UserManager was when I logged on as
I thought this would be solved by Kai's patches, but whatever I try, it
still doesn't work here.

The more I am expirimenting with it, the more confused I get.

Again, any help would be appreciated.



More information about the samba-technical mailing list