Groups in ldap and /etc/group?

Eddie Lania e.lania at home.nl
Sat Sep 28 10:42:01 GMT 2002


Hi Mike,

Thank you for your response.

It makes sense to me.
And your solution is exactly as I have done it so far.

However, there still is one problem to be solved.

When I have defined the groups I wish to use for Samba in the ldap database,
then I still need to know how to handle existing (unix) users.
When my passdb backend is the ldap database, I will have to add them in there
too (for their password), right?
But when I do this, they are assigned a new uid and gid number.

I can't figure out how to solve this. The user has to be in ldap for his
ntpasswd, home directory, profile directory, etc.
Is the only option to add a new username for samba purposes only?

Weird......

Eddie.

----- Original Message -----
From: "Mike Brady" <mike.brady at devnull.net.nz>
To: "Eddie Lania" <e.lania at home.nl>
Sent: Saturday, September 28, 2002 11:25 AM
Subject: Re: Groups in ldap and /etc/group?


> Eddie
>
> I have been through this and think that I understand it, so here goes.
> Someone correct me if I am wrong.
>
> First of all, as of 3.0Alpha19 (I haven't looked at 20 yet) Samba does not
> store group data in LDAP as such.  Samba Groups (meaning NT Domain and local
> Groups) are mapped to Unix groups using the smbgroupedit command.
>
> The Unix groups may be stored wherever /etc/nsswitch.conf says they are
> (files, LDAP, NIS, ...).  The smbldap-groupadd.pl script is actually adding a
> Unix group, not a Samba group.  So, for Samba to use the Unix groups that you
> have added in LDAP you first need to install and configure nss_ldap.  You
> then need to use smbgroupedit to map the Samba group to the Unix group.
>
> I hope that that all made sense.
>
> By the way, the documentation for smbgroupedit is way out of date.  Have a
> look at the source for the actual options.
>
> Mike
>
> On Sat, 28 Sep 2002 18:37, Eddie Lania wrote:
> > Hello,
> >
> > Using smbgroupedit, should I link groups to ldap groups, those in
> > /etc/group (if I also would define them in there) or both?
> > Or none? (If using ldap)
> >
> > Eddie.
>



