FW: [Samba] 2.2.5 LDAP/smbpasswd -L problem help.

Michael Nenishkis - List ID mjnlist at karindo.net
Sat Oct 12 01:45:03 GMT 2002


Sorry, I am still stuck with this problem.
This is a repost; please kindly shed some light on it.
-----Original Message-----
From: samba-admin at lists.samba.org [mailto:samba-admin at lists.samba.org] On Behalf Of Michael Joseph Nenishkis
Sent: Saturday, September 28, 2002 1:03 AM
To: samba at lists.samba.org
Subject: [Samba] 2.2.5 LDAP/smbpasswd -L problem help.


Gurus, I humbly ask you for help.
I ran into a problem for which I cannot find the reason/fix.

System:
redhat 7.3
samba 2.2.5 --withldapsam
nss_ldap configured to route the Unix UID/GID from same LDAP server.

It is running well and I am able to authenticate off the LDAP servers. One
problem I am having right now is that I would like non-root
administrators to be able to use the smbpasswd -L option to reset user
passwords.

The /etc/samba/secrets.tdb is:
-rw-rw-r--    1 root     ADMIN      8192 Sep 27 18:19 /etc/samba/secrets.tdb
*Changed group rights so that a user in the ADMIN group of unix has write
access -- as pointed out in the samba readme files.

username, for example, on unix is joedoe.
Telnet to the unix host as joedoe; typing "id -G" shows 5 groups, for example:
uid=510(joedoe) gid=100(users) groups=100(users),300(Group1),200(ADMIN),201(Group2),302(Group3)

So joedoe is a member of the ADMIN group.
 
SMB.conf is configured as follows:
domain admin group = @ADMIN

I am able to join an NT workstation into the domain as user joedoe, so samba
understands domain admin = @admin = joedoe is a member.

But when I log in to the unix host as joedoe and type
smbpasswd -L maryjoe -D256 (enter)
New SMB password: xxxxxx
Retype SMB password: xxxxxx
--cut cut---
ldap_open_connection: starting...
user_in_list: checking user joedoe in list @ADMIN
user_in_list: checking user |joedoe| against |@ADMIN|
Unable to get default yp domain
user_in_unix_group_list: checking user joedoe in group ADMIN
user_in_unix_group_list: no such group ADMIN
ldap_open_connection: cannot access LDAP when not root or a member of
domain admin group.. Failed to find entry for user maryjoe. Failed to
modify password entry for user maryjoe
---
Seems Samba is not able to get the full group list for user joedoe. (?)

I have looked into "user_in_unix_group_list" in the source and found
there is a handle in lib/username.c, but I have no clue what to do.

Please kindly give me a pointer on this problem.
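
A diagnostic sketch for the mismatch shown above (id lists 200(ADMIN), yet the debug log says "no such group ADMIN"), added here as an example and not part of the original post or of Samba. The function names are hypothetical; run it as the non-root user with the values quoted in the post.

```shell
#!/bin/sh
# Added diagnostic sketch. joedoe, ADMIN, 200 and /etc/samba/secrets.tdb are the
# values quoted in the post; all function names here are hypothetical.

# Does a group key (name or numeric gid) resolve through NSS (files, nss_ldap, ...)?
group_resolves() {
    getent group "$1" >/dev/null 2>&1
}

# Is the user a member of the named group? (Group names with spaces not handled.)
user_in_group() {
    for g in $(id -Gn "$1" 2>/dev/null); do
        [ "$g" = "$2" ] && return 0
    done
    return 1
}

# Does the file grant read access to "other"? The post's listing (rw-rw-r--) does.
other_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Usage: diagnose USER GROUP GID SECRETS_FILE ; returns non-zero on any finding.
diagnose() {
    user=$1 group=$2 gid=$3 tdb=$4
    rc=0
    if ! group_resolves "$group"; then
        # The symptom in the debug log: lookup by name fails.
        echo "FAIL: group name '$group' does not resolve"; rc=1
        group_resolves "$gid" &&
            echo "note: gid $gid resolves, so only the by-name lookup is failing"
    fi
    if ! user_in_group "$user" "$group"; then
        echo "FAIL: '$user' is not listed in '$group'"; rc=1
    fi
    if other_readable "$tdb"; then
        echo "WARN: $tdb is readable by every local user; consider mode 0660"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "ok: name lookup, membership and file mode all pass"
    return "$rc"
}

# Example: sh diagnose.sh joedoe ADMIN 200 /etc/samba/secrets.tdb
if [ "$#" -eq 4 ]; then
    diagnose "$@"
fi
```

If the by-name lookup fails here as well, the problem lies in name service resolution for the non-root user rather than in smbpasswd itself.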
