[Samba] GROUPMAP data in LDAP?
Gémes Géza
geza at kzsdabas.sulinet.hu
Fri Apr 2 15:37:56 GMT 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ww m-pubsyssamba írta:
| Hi list,
|
| If I have multiple Samba member servers in a domain can I store the
groupmap data in LDAP? When I try this I get this error
|
| # net groupmap add ntgroup=Everyone unixgroup=nobody
| No rid or sid specified, choosing algorithmic mapping
| adding entry for group nobody failed!
|
|
| But this works correctly (creates account in LDAP server)
|
| smbpasswd -a username password
|
|
| the LDAP config in my smb.conf is as follows,
|
|
| security = ads
| encrypt passwords = yes
| idmap backend = ldap:ldap://bbcwwp-sun19.worldwide.bbc.co.uk/
| passdb backend = ldapsam:"ldap://bbcwwp-sun19.worldwide.bbc.co.uk
ldap://bbcwwp_sun21.worldwide.bbc.co.uk"
| ldap suffix = dc=worldwide,dc=bbc,dc=co,dc=uk
| ldap user suffix = ou=People
| ldap group suffix = ou=Groups
| ldap machine suffix = ou=machines,ou=Samba
| ldap idmap suffix = ou=idmap,ou=Samba
| ldap admin dn = uid=sambaadmin,ou=Special
Users,dc=worldwide,dc=bbc,dc=co,dc=uk
| ldap ssl = no
|
|
| any answers much appreciated,
|
| thanks Andy.
Sorry but it seems to me that security = ads and idmap backend and ldap
backend doesn't play nice together. In the case that you have an AD
member server you should remove anything about passdb backend and ldap
suffixes, except the idmap one. But if your server is the DC of the
Domain, you should have security = user.
Cheers,
Geza
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFAbYjU/PxuIn+i1pIRAiXlAKCINSDHqLBxgigd7wxMf66+bjr1lQCgqO+3
241APAwKWHNHX8+Ju55MzhY=
=knvT
-----END PGP SIGNATURE-----
More information about the samba
mailing list