[Samba] Samba 3.0alpha24 / OpenLDAP / support for groups broken?

Alex Meier alex_ng at ksz.ch
Mon May 26 14:19:35 GMT 2003


we are trying to get Samba 3.0a24 to work with OpenLDAP. After creating 
the guest - user manually in the LDAP directory, everything seemed to 
work fine. However we cannot create any group. The "net group map" 
command runs without any error message, and states:

    blue# ./net groupmap add rid=999 unixgroup=syadm
    Successully added group syadm to the mapping db

Unfortunately the group was *NOT* created as "./net groupmap list" reveals:

    blue# ./net groupmap list

When running Samba without LDAP support "./net groupmap list" shows the 
build-in groups:

    blue# ./net groupmap list
    System Operators (S-1-5-32-549) -> -1
    Replicators (S-1-5-32-552) -> -1
    Guests (S-1-5-32-546) -> -1
    Domain Admins (S-1-5-21-3844847972-810955303-936295742-512) -> -1
    Domain Users (S-1-5-21-3844847972-810955303-936295742-513) -> -1
    Power Users (S-1-5-32-547) -> -1
    Print Operators (S-1-5-32-550) -> -1
    Administrators (S-1-5-32-544) -> -1
    Domain Guests (S-1-5-21-3844847972-810955303-936295742-514) -> -1
    Account Operators (S-1-5-32-548) -> -1
    Backup Operators (S-1-5-32-551) -> -1
    Users (S-1-5-32-545) -> -1

Shouldn't  "./net groupmap list" show these groups with LDAP as well? Do 
we have to create these groups manually? How? Logs from the LDAP server 
show that Samba is desperately looking for a group with gid=-1. Manually 
creating a Samba groups in the LDAP directory does *not* improve the 

Can anyone help, please?

Best regards,
    Alex Meier


More information about the samba mailing list