[Samba] uncovering groupmap problems

Craig White craigwhite at azapple.com
Mon Dec 22 17:41:07 GMT 2003


> >I see in this desciption that root is in sub-tree ou=Group and Domain Users is in sub-tree ou=Groups, it's normal or not ?
> ----
> Yes, that is how I thought it was supposed to work.
>
> Thus all of the group info migrated from /etc/group went into ou=Group
>
> and all of the group info migrated from smbldap-populate.pl and
> hence-forth via LDAP assignments went into ou=Groups
>
----
OK - I guess I now have to clarify one final thought. Apparently Linux
stores 'groups' in a named called 'group' and Samba pictures things as
'groups'

Thinking that my target is a single structure in LDAP for authentication
for both Samba and other posix services it doesn't make sense to have
both. 

My initial foray had me changing everything (samba smbldap_conf.pm,
nsswitch/ldap.conf, smb.conf into Group ou and it seemed to work but
since I need to have a domain_trust relationship with another WindowsNT
driven domain, it seemed that the ou Groups would provide symmetry and
user in the 'Accounting' Groups on the LinDomain would be accepted by
the WinDomain as also Accounting (perhaps the RID needed to match -
which brings up a whole 'nother security issue right?)

Craig



More information about the samba mailing list