[Samba] Unable to get groupmap to work with LDAP
Chris.Snider at Tagtmi.com
Fri Apr 30 20:21:54 GMT 2004
I believe I have everything setup correctly on my RH9 server running Samba
3.0.3.rc1 and openLDAP 2.1.22. I can join computers to the domain and
authenticate to the domain without any problems. What I am having problems
with is trying to do a group map so Domain Admins have administrative rights
on the workstation when they login. I can get this to work on non LDAP
setups by issuing net groupmap modify ntgroup="Domain Admins"
unixgroup=ntadmins. Then when I login to the workstation as a Domain Admin
member I get administrator rights to that workstation. I followed the steps
in Chapter 6 of the Samba-3 by example book but it seems to be missing a
couple of entries which I can't figure out. I've populated my LDAP database
with IDEALX smbldap-populate. However when I login to the workstation as a
Domain Admin member I don't have administrative privileges. When I issue a
net groupmap list I get this.
[root at massive /]# net groupmap list
Domain Admins (S-1-5-21-3532146760-1190644406-3147972635-512) -> Domain
Domain Users (S-1-5-21-3532146760-1190644406-3147972635-513) -> Domain Users
Domain Guests (S-1-5-21-3532146760-1190644406-3147972635-514) -> Domain
Print Operators (S-1-5-21-3532146760-1190644406-3147972635-550) -> Print
Backup Operators (S-1-5-21-3532146760-1190644406-3147972635-551) -> Backup
Replicator (S-1-5-21-3532146760-1190644406-3147972635-552) -> Replicator
Domain Computers (S-1-5-21-3532146760-1190644406-3147972635-553) -> Domain
When I attempt to change Domain Admins I get this
[root at massive /]# net groupmap modify ntgroup="Domain Admins" unixgroup=root
[2004/04/30 14:49:47, 0]
ldapsam_update_group_mapping_entry: No group to modify!
Could not update group database
What am I doing wrong? Where are the group mappings stored?
More information about the samba