[Samba] 3.0 alpha23 ldapsam/group mapping issue

satadru at umich.edu satadru at umich.edu
Sat Apr 19 18:22:32 GMT 2003


I just moved from using samba 2.2.5 using ldapsam on a mac os x server 
10.2.5 system to samba 3.0 alpha23. I have this samba server acting as a 
PDC.  I would like to enable group mappings but am having an issue.

This is the first group mapping error I get when a user first logs in:

  ldap_connect_system: succesful connection to the LDAP server
[2003/04/19 13:39:00, 2] 
/Users/admin/newsamba/samba-3.0alpha23/source/passdb/p
db_ldap.c:init_sam_from_ldap(1059)
  Entry found for user: sambauser
[2003/04/19 13:39:00, 2] 
/Users/admin/newsamba/samba-3.0alpha23/source/passdb/p
db_ldap.c:ldapsam_search_one_group(2187)
  ldapsam_search_one_group: searching 
for:[(&(objectClass=sambaGroupMapping)(gi
dNumber=1002))]
[2003/04/19 13:39:00, 2] 
/Users/admin/newsamba/samba-3.0alpha23/source/passdb/p
db_ldap.c:ldapsam_search_one_group(2187)
  ldapsam_search_one_group: searching 
for:[(&(objectClass=sambaGroupMapping)(gi
dNumber=-1))]
[2003/04/19 13:39:00, 2] 
/Users/admin/newsamba/samba-3.0alpha23/source/passdb/p
db_ldap.c:ldapsam_search_one_group(2187)
  ldapsam_search_one_group: searching 
for:[(&(objectClass=posixGroup)(gidNumber
=-1))]
[2003/04/19 13:39:00, 2] 
/Users/admin/newsamba/samba-3.0alpha23/source/passdb/p
db_ldap.c:ldapsam_add_group_mapping_entry(2423)
  Group -1 must exist exactly once in LDAP


I also get this error when running this command:
 sudo smbgroupedit -c "Domain Admins" -u domadmin

(domadmin does exist as a group in ldap)

ldapsam_search_one_group: searching 
for:[(&(objectClass=sambaGroupMapping)(|(displayName=Domain 
Admins)(cn=Domain Admins)))]
ldapsam_open_connection: connection opened
ldap_connect_system: succesful connection to the LDAP server
ldapsam_search_one_group: searching 
for:[(&(objectClass=sambaGroupMapping)(gidNumber=-1))]
ldapsam_search_one_group: searching 
for:[(&(objectClass=posixGroup)(gidNumber=-1))]
Group -1 must exist exactly once in LDAP
ldapsam_search_one_group: searching 
for:[(&(objectClass=sambaGroupMapping)(gidNumber=-1))]
ldapsam_search_one_group: searching 
for:[(&(objectClass=posixGroup)(gidNumber=-1))]
Group -1 must exist exactly once in LDAP
ldapsam_search_one_group: searching 
for:[(&(objectClass=sambaGroupMapping)(gidNumber=-1))]
ldapsam_search_one_group: searching 
for:[(&(objectClass=posixGroup)(gidNumber=-1))]
Group -1 must exist exactly once in LDAP
ldapsam_search_one_group: searching 
for:[(&(objectClass=sambaGroupMapping)(gidNumber=-1))]
ldapsam_search_one_group: searching 
for:[(&(objectClass=posixGroup)(gidNumber=-1))]
Group -1 must exist exactly once in LDAP
ldapsam_search_one_group: searching 
for:[(&(objectClass=sambaGroupMapping)(gidNumber=-1))]
ldapsam_search_one_group: searching 
for:[(&(objectClass=posixGroup)(gidNumber=-1))]
Group -1 must exist exactly once in LDAP
ldapsam_search_one_group: searching 
for:[(&(objectClass=sambaGroupMapping)(gidNumber=-1))]
ldapsam_search_one_group: searching 
for:[(&(objectClass=posixGroup)(gidNumber=-1))]
Group -1 must exist exactly once in LDAP
ldapsam_search_one_group: searching 
for:[(&(objectClass=sambaGroupMapping)(gidNumber=-1))]
ldapsam_search_one_group: searching 
for:[(&(objectClass=posixGroup)(gidNumber=-1))]
Group -1 must exist exactly once in LDAP
ldapsam_search_one_group: searching 
for:[(&(objectClass=sambaGroupMapping)(gidNumber=-1))]
ldapsam_search_one_group: searching 
for:[(&(objectClass=posixGroup)(gidNumber=-1))]
Group -1 must exist exactly once in LDAP
ldapsam_search_one_group: searching 
for:[(&(objectClass=sambaGroupMapping)(gidNumber=-1))]
ldapsam_search_one_group: searching 
for:[(&(objectClass=posixGroup)(gidNumber=-1))]
Group -1 must exist exactly once in LDAP
ldapsam_search_one_group: searching 
for:[(&(objectClass=sambaGroupMapping)(gidNumber=-1))]
ldapsam_search_one_group: searching 
for:[(&(objectClass=posixGroup)(gidNumber=-1))]
Group -1 must exist exactly once in LDAP
ldapsam_search_one_group: searching 
for:[(&(objectClass=sambaGroupMapping)(gidNumber=-1))]
ldapsam_search_one_group: searching 
for:[(&(objectClass=posixGroup)(gidNumber=-1))]
Group -1 must exist exactly once in LDAP
ldapsam_search_one_group: searching 
for:[(&(objectClass=sambaGroupMapping)(gidNumber=-1))]
ldapsam_search_one_group: searching 
for:[(&(objectClass=posixGroup)(gidNumber=-1))]
Group -1 must exist exactly once in LDAP
NT Group Domain Admins doesn't exist in mapping DB

There actually DOES exist a group called "nogroup" that has an entry of 
gidNumber=-1.

What am I doing wrong?

Any assistance would be appreciated.

satadru pramanik
Systems Administrator,
Intercooperative Council of Ann Arbor


--
satadru at umich.edu
For a successful technology, reality must take precedence over
public relations, for nature cannot be fooled.
-R. P. Feynman,
Personal observations on the reliability of the Shuttle


More information about the samba mailing list