FW: [Samba] 2.2.5 LDAP/smbpasswd -L problem help.

Yura Pismerov ypismerov at tucows.com
Sat Oct 12 20:00:59 GMT 2002


	My understanding is that "domain admin group" is a deprecated option.
Have you tried using "admin users = @ADMIN" instead?

Michael Nenishkis - List ID wrote:
> 
> Sorry, still stuck with this problem.
> It is a repost; please kindly shed some light.
> -----Original Message-----
> From: samba-admin at lists.samba.org [mailto:samba-admin at lists.samba.org]
> On Behalf Of Michael Joseph Nenishkis
> Sent: Saturday, September 28, 2002 1:03 AM
> To: samba at lists.samba.org
> Subject: [Samba] 2.2.5 LDAP/smbpasswd -L problem help.
> 
> Gurus, I humbly ask you for help.
> I ran into a problem for which I cannot find the reason/fix.
> 
> System:
> redhat 7.3
> samba 2.2.5 --withldapsam
> nss_ldap configured to route the Unix UID/GID from same LDAP server.
> 
> It is running well and I am able to authenticate off the LDAP servers. One
> problem I am having right now is that I would like non-root
> administrators to be able to use smbpasswd -L option to reset user
> passwords.
> 
> the /etc/samba/secrets.tdb is
> -rw-rw-r--    1 root     ADMIN      8192 Sep 27 18:19 /etc/samba/secrets.tdb
> *changed group rights so that user in ADMIN group of unix has write
> access -- as pointed out on the samba readme files.
> 
> username, for example, on unix is joedoe.
> telnet to unix host as joedoe, type "id -G" shows 5 groups, for example.
> uid=510(joedoe) gid=100(users) groups=100(users),300(Group1),200(ADMIN),201(Group2),302(Group3)
> 
> So joedoe is a member of the ADMIN group.
> 
> SMB.conf is configured as follows:
> domain admin group = @ADMIN
> 
> I am able to join NTworkstation into the domain as user joedoe, so samba
> understands domain admin = @admin = joedoe is a member.
> 
> But, when I log in to unix host as joedoe, and type
> smbpasswd -L maryjoe -D256 (enter)
> New SMB password: xxxxxx
> Retype SMB password: xxxxxx
> --cut cut---
> ldap_open_connection: starting...
> user_in_list: checking user joedoe in list @ADMIN
> user_in_list: checking user |joedoe| against |@ADMIN|
> Unable to get default yp domain
> user_in_unix_group_list: checking user joedoe in group ADMIN
> user_in_unix_group_list: no such group ADMIN
> ldap_open_connection: cannot access LDAP when not root or a member of
> domain admin group.. Failed to find entry for user maryjoe. Failed to
> modify password entry for user maryjoe
> ---
> Seems Samba is not able to get the full group list for user joedoe. (?)
> 
> I have looked into "user_in_unix_group_list" in the source and found
> there is a handle in lib/username.c but I have no clue what to do.
> 
> Please kindly give me a pointer on this problem.
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
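
An added example, not part of the thread and not Samba's code: a Python check that compares the gid-to-name resolution `id` uses for display with the name-to-gid lookup that a check against a group name needs. It assumes the "no such group ADMIN" debug line reflects a failed lookup by name; `diagnose`, `fake_nss` and the sample data are constructed for illustration.

```python
import grp, os, pwd
from types import SimpleNamespace as NS


def diagnose(user, group, getpwnam=pwd.getpwnam, getgrnam=grp.getgrnam,
             getgrgid=grp.getgrgid, getgrouplist=os.getgrouplist):
    """Return 'member', 'not-member', 'no-such-group', 'no-such-user', or
    'name-lookup-fails' (a gid maps to the name, but the name does not resolve)."""
    try:
        pw = getpwnam(user)
    except KeyError:
        return "no-such-user"
    gids = set(getgrouplist(user, pw.pw_gid))
    names_by_gid = set()      # gid -> name, the direction `id` uses for display
    for gid in gids:
        try:
            names_by_gid.add(getgrgid(gid).gr_name)
        except KeyError:
            pass              # gid without a name entry
    try:
        gr = getgrnam(group)  # name -> gid, what a check against "@ADMIN" needs
    except KeyError:
        return "name-lookup-fails" if group in names_by_gid else "no-such-group"
    return "member" if gr.gr_gid in gids else "not-member"


# Constructed sample data mirroring the thread's `id` output for joedoe.
SAMPLE_GROUPS = {100: "users", 300: "Group1", 200: "ADMIN", 201: "Group2", 302: "Group3"}


def fake_nss(by_name_works):
    """Constructed stand-ins for the libc lookups so the check runs offline."""
    by_name = {n: g for g, n in SAMPLE_GROUPS.items()} if by_name_works else {}

    def getpwnam(name):
        if name != "joedoe":
            raise KeyError(name)
        return NS(pw_name=name, pw_uid=510, pw_gid=100)

    def getgrgid(gid):
        return NS(gr_name=SAMPLE_GROUPS[gid], gr_gid=gid)

    def getgrnam(name):
        return NS(gr_name=name, gr_gid=by_name[name])

    def getgrouplist(user, gid):
        return list(SAMPLE_GROUPS)

    return dict(getpwnam=getpwnam, getgrnam=getgrnam, getgrgid=getgrgid, getgrouplist=getgrouplist)
```

On a real host, calling `diagnose("joedoe", "ADMIN")` with no extra arguments as the affected user runs the same comparison against the system's own NSS lookups.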
