[Samba] GROUPMAP data in LDAP?

ww m-pubsyssamba pubsyssamba at bbc.co.uk
Fri Apr 2 16:39:38 GMT 2004


Thanks for your reply.

Ah, the whole reason I'm using LDAP passdb backend for AD member servers is because
winbind won't work correctly in large AD domains when running on Solaris systems.
The idmap settings in my smb.conf are actually redundant; I have tried commenting
them out, but this makes no difference to my problem.

Does anyone on the technical list have any comments on this? Can future versions
of Samba be modified to work with this type of configuration?

		thanks Andy.


ww m-pubsyssamba wrote:
| Hi list,
|
| If I have multiple Samba member servers in a domain can I store the
| groupmap data in LDAP? When I try this I get this error
|
| # net groupmap add ntgroup=Everyone unixgroup=nobody
| No rid or sid specified, choosing algorithmic mapping
| adding entry for group nobody failed!
|
|
| But this works correctly (creates account in LDAP server)
|
| smbpasswd -a username password
|
|
| the LDAP config in my smb.conf is as follows,
|
|
|      security = ads
|      encrypt passwords = yes
|      idmap backend = ldap:ldap://bbcwwp-sun19.worldwide.bbc.co.uk/
|      passdb backend = ldapsam:"ldap://bbcwwp-sun19.worldwide.bbc.co.uk ldap://bbcwwp_sun21.worldwide.bbc.co.uk"
|      ldap suffix = dc=worldwide,dc=bbc,dc=co,dc=uk
|      ldap user suffix = ou=People
|      ldap group suffix = ou=Groups
|      ldap machine suffix = ou=machines,ou=Samba
|      ldap idmap suffix = ou=idmap,ou=Samba
|      ldap admin dn = uid=sambaadmin,ou=Special Users,dc=worldwide,dc=bbc,dc=co,dc=uk
|      ldap ssl = no
|
|
| 	any answers much appreciated,
|
| 		thanks Andy.

Sorry, but it seems to me that security = ads and idmap backend and ldap
backend don't play nicely together. In the case that you have an AD
member server you should remove anything about passdb backend and ldap
suffixes, except the idmap one. But if your server is the DC of the
Domain, you should have security = user.

Cheers,

Geza


