smbgroupedit/pdbedit in SAMBA_3 behavior

John H Terpstra jht at samba.org
Wed Apr 23 16:25:35 GMT 2003


Ignacio,

Please note that smbgroupedit is going away. It's functionality is now in
the net command. From today's CVS onwards try: "net groupmap"

Secondly, pdbedit can only operate on the "passdb backends" specified in
smb.conf and can write only to the first backend specified.

- John T.

On Wed, 23 Apr 2003, Ignacio Coupeau wrote:

> I'm testing the smbgroupedit and as you can see, in the samba-3.0alpha20
> the command lists (as ever) the local/builtin groups:
>
> bin/smbgroupedit -v
> ---------------------------------------
> NT group (SID) -> Unix group
> System Operators (S-1-5-32-549) -> -1
> Replicators (S-1-5-32-552) -> -1
> Guests (S-1-5-32-546) -> -1
> Power Users (S-1-5-32-547) -> -1
> Print Operators (S-1-5-32-550) -> -1
> Administrators (S-1-5-32-544) -> -1
> Account Operators (S-1-5-32-548) -> -1
> Backup Operators (S-1-5-32-551) -> -1
> Domain Users (S-1-5-21-298858960-1863792627-3661451959-513) -> -1
> Users (S-1-5-32-545) -> -1
> Domain Admins (S-1-5-21-298858960-1863792627-3661451959-512) -> admins
> Domain Guests (S-1-5-21-298858960-1863792627-3661451959-514) -> nobody
> ---- eof ----
>
> but not in the a23 nor CVS (today, 12:00 am GMT):
>
> bin/smbgroupedit -v
> -------------
> NT group (SID) -> Unix group
> ---- eof ---
>
> I have the Samba server compiled --with-ldapsam option and runs fine.
> I know this stuff has been rewrote but the builtin-goups list should be
> displayed, rigth?
>
> May some one tell me if this an error or bug or a new behavior?
>
> Also tested this:
> 	bin/smbgroupedit -a prn1 -td
> 		<no output, well?>
> 	bin/smbgroupedit -v
> 		NT group (SID) -> Unix group
> 		----------eof---------
>
> And also:
> 	bin/smbgroupedit -c "Domain Admins" -u admins
> yields:
> 	NT Group Domain Admins doesn't exist in mapping DB
>
> I tested the pdbedit import/export utility and nothing: sounds as if the
> groups are fetched in the ldap (as source) instead internally or tdb:
>
> > Did not find group for filter (&(objectClass=sambaGroupMapping)(gidNumber=-1))
> > ldapsam_search_one_group: searching for:[(&(objectClass=posixGroup)(gidNumber=-1))]
> > ldapsam_open: allready connected to the LDAP server
> > Group -1 must exist exactly once in LDAP
>
>
> Thanks in advance,
> Ignacio
>
>
>

-- 
John H Terpstra
Email: jht at samba.org


More information about the samba-technical mailing list