[Samba] Group Mapping problems

[Robert Rati]

When I enable logging level 5 (or even 10)), I don't see any more useful 
information.  I just see (over and over again):

ldapsam_search_one_group: Problem during the LDAP search: LDAP error: 
invalid DN (Invalid DN syntax)

But every one in a while (apparantly not related to my net groupmap 
attempts), I see this:

passdb/pdb_ldap.c:ldapsam_search_one_group(1612)
ldapsam_search_one_group: Problem during the LDAP search: LDAP error: 
invalid DN (Invalid DN syntax)ldapsam_search_one_group: Query was: 
"ou=Groups","dc=<domain>", 
(&(objectClass=sambaGroupMapping)(gidNumber=65534))

I'm assuming a machine on my domain is making this query (but I don't 
know why), but why is gidNumber=65534 being used for this query?  Can 
anyone shed some light as to what is going on?

I'm executing this command:

net groupmap add sid=<SID>-512 ntgroup="Domain Admins" 
unixgroup=dom_admin type=domain

Rob

Greg Dickie wrote:

> I think a debug level 5 will show you exactly what its looking for. You can do  
> "smbcontrol smbd debug 5" to set that.
> 
> hth,
> Greg
> 
> On Monday 15 December 2003 17:27, Robert Rati wrote:
> 
>>I'm trying to map my LDAP groups to Windows Groups, but I'm not having
>>any luck.  Here is a group I'm trying to map:
>>
>>dn: cn=dom_admin,ou=Groups,dc=<domain>
>>objectClass: sambaGroupMapping
>>objectClass: posixGroup
>>gidNumber: 1000
>>cn: dom_admin
>>memberUid: dom_admin
>>description: Domain Admininistrators Group
>>sambaSID: S-1-5-21-835892245-73647866-3919785651-512
>>sambaGroupType: 2
>>
>>but when I do a net groupmap command, I get this error over and over again:
>>
>>   ldapsam_search_one_group: Problem during the LDAP search: LDAP error:
>>invalid DN (Invalid DN syntax)
>>
>>What DN syntax is being used for this search?  How do I modify it/fix
>>this problem?
>>
>>Rob
> 
>