[Samba] Re: Samba 3.0alpha24 / OpenLDAP / support for groups broken?

Tang tang at inesc-macau.org.mo
Tue May 27 09:57:46 GMT 2003


Make sure you have the posixGroup on LDAP.

And in smb.conf, put
passdb backend = ldapsam guest

Then try as follows:
# net groupmap add rid=1000 unixgroup=domstaff type=domain ntgroup="Staff"

Regards,
tang.

Alex Meier wrote:
> Hello!
> 
> we are trying to get Samba 3.0a24 to work with OpenLDAP. After creating 
> the guest - user manually in the LDAP directory, everything seemed to 
> work fine. However we cannot create any group. The "net group map" 
> command runs without any error message, and states:
> 
>    blue# ./net groupmap add rid=999 unixgroup=syadm
>    Successully added group syadm to the mapping db
> 
> Unfortunately the group was *NOT* created as "./net groupmap list" reveals:
> 
>    blue# ./net groupmap list
>    blue#
> 
> When running Samba without LDAP support "./net groupmap list" shows the 
> build-in groups:
> 
>    blue# ./net groupmap list
>    System Operators (S-1-5-32-549) -> -1
>    Replicators (S-1-5-32-552) -> -1
>    Guests (S-1-5-32-546) -> -1
>    Domain Admins (S-1-5-21-3844847972-810955303-936295742-512) -> -1
>    Domain Users (S-1-5-21-3844847972-810955303-936295742-513) -> -1
>    Power Users (S-1-5-32-547) -> -1
>    Print Operators (S-1-5-32-550) -> -1
>    Administrators (S-1-5-32-544) -> -1
>    Domain Guests (S-1-5-21-3844847972-810955303-936295742-514) -> -1
>    Account Operators (S-1-5-32-548) -> -1
>    Backup Operators (S-1-5-32-551) -> -1
>    Users (S-1-5-32-545) -> -1
> 
> Shouldn't  "./net groupmap list" show these groups with LDAP as well? Do 
> we have to create these groups manually? How? Logs from the LDAP server 
> show that Samba is desperately looking for a group with gid=-1. Manually 
> creating a Samba groups in the LDAP directory does *not* improve the 
> situtation.
> 
> Can anyone help, please?
> 
> Best regards,
>    Alex Meier
> 
>  





More information about the samba mailing list