FW: [Samba] 2.2.5 LDAP/smbpasswd -L problem help.

Michael Nenishkis - List ID mjnlist at karindo.net
Sat Oct 12 01:45:03 GMT 2002

Sorry, still stuck with this problem. 
It is a repost, please kindly shed me light.
-----Original Message-----
From: samba-admin at lists.samba.org [mailto:samba-admin at lists.samba.org]
On Behalf Of Michael Joseph Nenishkis
Sent: Saturday, September 28, 2002 1:03 AM
To: samba at lists.samba.org
Subject: [Samba] 2.2.5 LDAP/smbpasswd -L problem help.

Guru's, I humbly ask you for help.
I ran into a problem in which I cannot find the reason/fix.

redhat 7.3
samba 2.2.5 --withldapsam
nss_ldap configured to route the Unix UID/GID from same LDAP server.

It is running well and am able to authenticate off the LDAP servers. One
problem I am having right now is that I would like non-root
administrators to be able to use smbpasswd -L option to reset user

the /etc/samba/secrets.tdb is
-rw-rw-r--    1 root     ADMIN      8192 Sep 27 18:19
*changed group rights so that user in ADMIN group of unix has write
access -- as pointed out on the samba readme files.

username, for example, on unix is joedoe.
telnet to unix host as joedoe, type "id -G" shows 5 groups, for example.
uid=510(joedoe) gid=100(users)

So joedoe is a member of the ADMIN group.
SMB.conf is configured as follows:
domain admin group = @ADMIN

I am able to join NTworkstation into the domain as user joedoe, so samba
understands domain admin = @admin = joedoe is a member.

But, when I login to unix host as joedoe, and type
smbpasswd -L maryjoe -D256 (enter)
New SMB password: xxxxxx
Retype SMB password: xxxxxx
--cut cut---
ldap_open_connection: starting...
user_in_list: checking user joedoe in list @ADMIN
user_in_list: checking user |joedoe| against |@ADMIN|
Unable to get default yp domain
user_in_unix_group_list: checking user joedoe in group ADMIN
user_in_unix_group_list: no such group ADMIN
ldap_open_connection: cannot access LDAP when not root or a member of
domain admin group.. Failed to find entry for user maryjoe. Failed to
modify password entry for user maryjoe
Seems Samba is not able to get the full group list for user joedoe. (?)

I have looked into "user_in_unix_group_list" in the source and found
there is a handle in lib/username.c but I have not clue what to do.

Please kindly give me a pointer on this problem..

To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list