[Samba] Re: Samba entries in the LDAP tree, help!
paul k
paul at subsignal.org
Mon Oct 6 21:18:15 GMT 2003
hi ed,
wiped out your post cause something went wrong with your line wrapping,
it would have been a pain to read. Sorry for that.
To give you some Information. A typical user entry in LDAP looks like this:
# pkoelle, Users, samba, nil.b17
dn: uid=pkoelle,ou=Users,ou=samba,dc=nil,dc=b17
uid: pkoelle
sambaSID: S-1-5-21-1363009748-3475195204-773963872-3000
displayName: pkoelle
sambaAcctFlags: [U ]
objectClass: sambaSamAccount
objectClass: account
objectClass: top
sambaPrimaryGroupSID: S-1-5-21-1363009748-3475195204-773963872-512
sambaNTPassword: xxxxxxxxxxxxxxx
sambaLMPassword: xxxxxxxxxxxxxx
sambaPwdCanChange: 1065274530
sambaPwdLastSet: 1065274530
sambaPwdMustChange: 1067088930
Note that this are only (and not all) samba attributes and
objectclasses, there have to be a corresponding posixAccount somewhere
in the DIT accessible by getent().
And a group:
# NTdomadms, groups, samba, nil.b17
dn: cn=NTdomadms,ou=groups,ou=samba,dc=nil,dc=b17
objectClass: posixGroup
objectClass: top
objectClass: sambaGroupMapping
cn: NTdomadms
gidNumber: 10008
sambaSID: S-1-5-21-1363009748-3475195204-773963872-512
sambaGroupType: 2
displayName: Domain Administrators
memberUid: NTadmin
memberUid: pkoelle
This is basically a normal posixGroup, augmented by the
sambaGroupmapping attributes sambaSID, sambaGroupType and displayName.
Note that the SID is set to the "well known SID" of "Domain
Administrators" group. You may use the "net groupmap" set of commands to
get this mapping or populate your DIT from appropriate LDIF's.
It would be helpful to see the ldap related lines of your smb.conf, and
a few error messages (from net groupmap) or logs.
hth
Paul
More information about the samba
mailing list