[Samba] samba3/ldap/net groupmap fails

John Campbell jcampbell at max-t.com
Fri Dec 12 16:25:50 GMT 2003


thanks for responding. scroll down for response....

On Fri, 2003-12-12 at 03:25, Beast wrote:
> Friday, December 12, 2003, 6:17:30 AM, John wrote:
> 
> >>
> >> I don't understand why it is like this...
> >> 
> >> Fabien
> >> 
> 
> > are you suggesting this may be a problem with samba3? because i've been
> > trying to resolve this issue for several days now, thinking there must
> > be a problem with our ldap setup. somehow, it seems strange that this
> > could be a problem with samba. we thought that perhaps samba didn't like
> > something in our ldap. surely others are able to get the ntgroups to
> > show correctly with ldapsam as the first backend....otherwise, no one
> > would have a working samba3/ldap setup.
> 
> > putting tdbsam as the first backend allows for ntgroups, but since we
> > don't use it, none of our profiles load if we do this. users get stuck
> > with temp profiles.
> 
> > this is driving me bonkers:-)
> 
> Hi,
> 
> 1. you must create group mapping manually.
> 2. unix group you're assigning to "Domain Admins" MUST be in ldap (not
> in /etc/group).

the unix group *does* exist in ldap. i've attempted groupmapping with
the correct syntax, and always get something like this:

[2003/12/12 11:22:01, 4] passdb/pdb_ldap.c:ldapsam_getgroup(1769)
  ldapsam_getgroup: Did not find group
[2003/12/12 11:22:01, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1624)
  ldapsam_search_one_group: searching for:[(&(objectClass=posixGroup)(gidNumber=600))]
adding entry for group Domain Admins failed!
[2003/12/12 11:22:01, 2] utils/net.c:main(758)
  return code = -1

unfortunately, i'm no further ahead. your suggestion is much
appreciated, though. thank you.

--john 


> 
> ie.
> 
> root# net groupmap modify rid=512 -d1 ntgroup="Domain Admins" unixgroup=domadmin
> 
> the domadmin group must be stored in ldap, not /etc/group.
> 
> 
> i found a lot of typos or incorrect info in the smb howto collection, i've
> ordered the printable version on amazon, hopefully it has different
> content than the online version.
> 
> > --john  
> 
> 
> 
> 
> --beast 
> 


