[Samba] Unable to get groupmap to work with LDAP

Chris Snider Chris.Snider at Tagtmi.com
Fri Apr 30 20:21:54 GMT 2004

I believe I have everything setup correctly on my RH9 server running Samba
3.0.3.rc1 and openLDAP 2.1.22.  I can join computers to the domain and
authenticate to the domain without any problems.  What I am having problems
with is trying to do a group map so Domain Admins have administrative rights
on the workstation when they login.  I can get this to work on non LDAP
setups by issuing net groupmap modify ntgroup="Domain Admins"
unixgroup=ntadmins.  Then when I login to the workstation as a Domain Admin
member I get administrator rights to that workstation.  I followed the steps
in Chapter 6 of the Samba-3 by example book but it seems to be missing a
couple of entries which I can't figure out.  I've populated my LDAP database
with IDEALX smbldap-populate.  However when I login to the workstation as a
Domain Admin member I don't have administrative privileges.  When I issue a
net groupmap list I get this.

[root at massive /]# net groupmap list
Domain Admins (S-1-5-21-3532146760-1190644406-3147972635-512) -> Domain
Domain Users (S-1-5-21-3532146760-1190644406-3147972635-513) -> Domain Users
Domain Guests (S-1-5-21-3532146760-1190644406-3147972635-514) -> Domain
Print Operators (S-1-5-21-3532146760-1190644406-3147972635-550) -> Print
Backup Operators (S-1-5-21-3532146760-1190644406-3147972635-551) -> Backup
Replicator (S-1-5-21-3532146760-1190644406-3147972635-552) -> Replicator
Domain Computers (S-1-5-21-3532146760-1190644406-3147972635-553) -> Domain

When I attempt to change Domain Admins I get this
[root at massive /]# net groupmap modify ntgroup="Domain Admins" unixgroup=root
[2004/04/30 14:49:47, 0]
  ldapsam_update_group_mapping_entry: No group to modify!
Could not update group database

What am I doing wrong?  Where are the group mappings stored?


More information about the samba mailing list