primaryGroupID etc -- Questions concerning samba-2.2.6 and openldap 2.0.23

Dr. Hansjoerg Maurer hansjoerg.maurer at
Sat Oct 26 11:15:01 GMT 2002


I installed samba 2.2.6 as pdc with openldap 2.0.23 and most things are
Thanks for your great work.
But I have a few technical questions about details, which I am not sure
about and a few problems with usrmgr.exe

I took the samba.schema included in 2.2.6 and the ldif from IDEALIX.
Then I had many Groups in Ldap (Domain Admins, Domain Users etc)
With the ldif from above, these groups e.g. the Domain Admin group had
gid's of about 200 to 220.
I changed it to 512, 513 ... because I have heard that this is the GID
of Domain Admin, Domain Users ... (I have no posix Unix group in
/etc/group with this ID).
Same with Domain Users (513) Domain guest (514).
Are these changes necessary?
Do I need Unix groups with this GID?

Next question:
What is the correct  primaryGroupID of a Domain-User? 513 or
2*gidNumber(Unix)+1001 ?
If I want a User to be a Domain Admin can I just put him in the Domain
Admin Group in ldap?
I have
domain admin group =  " @"Domain Admins" "
in smb.conf
Is an /etc/group entry necessary for this?
(Background the Server has the Unix groups in ldap too)

Apart from these questions I have some problems with usrmgr.exe, which
are not serious.
But I just want to know, if these are limitations or if I did something
First of all, usrmgr is able to show all values in ldap (great).
If I edit a real name of a user, it works.
But after saving the changes, I get a message on the windows side:
"The following error changing properties of user maurer occurred: group
name could not be found" (translated from German)
But the changes are submitted to ldap correctly.

When I edit the properties of a user (e.g. real name), during the
save, values of logofftime, kickofftime, pwdmustchange are changed from
2147483647 to 0
