[Samba] Groups and LDAP
Robert Rati
Robert.Rati at motorola.com
Thu Nov 20 18:00:03 GMT 2003
I'm a little weak on how the groups assignments work with Samba and
LDAP. The Samba HOWTO collection says to map each Domain Group to a
UNIX system group, but if all authentication is done via LDAP (Unix and
Windows) then do the groups still have to exist on the Samba Unix
machine? Where do the RIDs fit into all this? I don't see a schema in
LDAP for sambaGroup. Do I create the domain groups with the posixGroup
schema and set their gid to a RID that will exist on the Windows machine
(like 512 for Domain Admins)? Or do I just bypass the group mapping
altogether and set a Domain Admins sambaPrimaryGroupSID to <SID>-512?
Any help on this would be very helpful, as I think I'm confusing myself.
Rob
More information about the samba
mailing list