[Samba] samba3/ldap/net groupmap fails

[John Campbell]

On Thu, 2003-12-11 at 16:18, Fabien Chevalier wrote:
> > > I suppose it must work the same way ...
> > >
> > > Would you mind trying to add
> > > passwd backend = tdbsam ldapsam:ldap://server
> > > and try a net groupmap list?
> >
> > i just tried it, and now get the list of domain groups i would
> > expect. now the trouble is the profiles don't load properly on
> > the clients. they got logged in with a temp profile. the samba
> > logs for my test system show:
> >
> > [2003/12/11 15:17:41, 0]
> > passdb/pdb_tdb.c:tdbsam_getsampwrid(255) pdb_getsampwrid:
> > Unable to open TDB rid database!
> > [2003/12/11 15:17:57, 1] smbd/service.c:close_cnum(885)
> >   eric (192.168.1.118) closed connection to service msmith
> > [2003/12/11 15:18:20, 0]
> > passdb/pdb_tdb.c:tdbsam_getsampwrid(255) pdb_getsampwrid:
> > Unable to open TDB rid database!
> >
> > i suppose i'm getting this because we're using ldap
> > exclusively and don't use tdbsam. any ideas?
> 
> It is what i thought of...
> When using ldapsam or ldapsam_compat as first backend, you don't have access to domain
> default group mappings anymore.
> You can still create mappings for your 'classic' nt groups, but only if you know the SID of the group you
> want to map.
> 
> I don't understand why it is like this...
> 
> Fabien
> 

are you suggesting this may be a problem with samba3? because i've been
trying to resolve this issue for several days now, thinking there must
be a problem with our ldap setup. somehow, it seems strange that this
could be a problem with samba. we thought that perhaps samba didn't like
something in our ldap. surely others are able to get the ntgroups to
show correctly with ldapsam as the first  backend....otherwise, no one
would have a working samba3/ldap setup.

putting tdpsam as the first backend allows for ntgroups, but since we
don't use it, none of our profiles load if we do this. users get stuck
with temp profiles.

this is driving me bonkers:-)

--john