[Samba] Re: Samba entries in the LDAP tree, help!

paul k paul at subsignal.org
Mon Oct 6 21:18:15 GMT 2003

hi ed,

wiped out your post cause something went wrong with your line wrapping, 
it would have been a pain to read. Sorry for that.

To give you some Information. A typical user entry in LDAP looks like this:

# pkoelle, Users, samba, nil.b17
dn: uid=pkoelle,ou=Users,ou=samba,dc=nil,dc=b17
uid: pkoelle
sambaSID: S-1-5-21-1363009748-3475195204-773963872-3000
displayName: pkoelle
sambaAcctFlags: [U          ]
objectClass: sambaSamAccount
objectClass: account
objectClass: top
sambaPrimaryGroupSID: S-1-5-21-1363009748-3475195204-773963872-512
sambaNTPassword: xxxxxxxxxxxxxxx
sambaLMPassword: xxxxxxxxxxxxxx
sambaPwdCanChange: 1065274530
sambaPwdLastSet: 1065274530
sambaPwdMustChange: 1067088930

Note that this are only (and not all) samba attributes and 
objectclasses, there have to be a corresponding posixAccount somewhere 
in the DIT accessible by getent().

And a group:

# NTdomadms, groups, samba, nil.b17
dn: cn=NTdomadms,ou=groups,ou=samba,dc=nil,dc=b17
objectClass: posixGroup
objectClass: top
objectClass: sambaGroupMapping
cn: NTdomadms
gidNumber: 10008
sambaSID: S-1-5-21-1363009748-3475195204-773963872-512
sambaGroupType: 2
displayName: Domain Administrators
memberUid: NTadmin
memberUid: pkoelle

This is basically a normal posixGroup, augmented by the 
sambaGroupmapping attributes sambaSID, sambaGroupType and displayName. 
Note that the SID is set to the "well known SID" of "Domain 
Administrators" group. You may use the "net groupmap" set of commands to 
get this mapping or populate your DIT from appropriate LDIF's.

It would be helpful to see the ldap related lines of your smb.conf, and 
a few error messages (from net groupmap) or logs.


More information about the samba mailing list