[Samba] PDC + LDAP group mappings

David Sonenberg dsonenberg at strozllc.com
Thu Dec 30 18:28:15 GMT 2004


So I gave it a try but it didn't work.  Here's the output.

net groupmap add ntgroup="Domain Admin" unixgroup=ntadmin -d 4

[2004/12/30 13:12:06, 3] param/loadparm.c:lp_load(3902)
  lp_load: refreshing parameters
[2004/12/30 13:12:06, 3] param/loadparm.c:init_globals(1312)
  Initialising global parameters
[2004/12/30 13:12:06, 3] param/params.c:pm_process(566)
  params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
[2004/12/30 13:12:06, 3] param/loadparm.c:do_section(3395)
  Processing section "[global]"
  doing parameter interfaces = eth0 10.1.0.143/24
  doing parameter workgroup = STROZTEST
  doing parameter netbios name = AUTH
[2004/12/30 13:12:06, 4] param/loadparm.c:handle_netbios_name(2740)
  handle_netbios_name: set global_myname to: AUTH
  doing parameter passdb backend = ldapsam:ldaps://10.1.0.143:636
  doing parameter username map = /etc/samba/smbusers
  doing parameter printcap name = cups
  doing parameter add user script = /usr/local/samba/sbin/smbldap-useradd.pl -m '%u'
  doing parameter delete user script = /usr/local/samba/sbin/smbldap-userdel.pl %u
  doing parameter add group script = /usr/local/samba/sbin/smbldap-groupadd.pl -p '%g'
  doing parameter delete group script = /usr/local/samba/sbin/smbldap-groupdel.pl '%g'
  doing parameter add user to group script = /usr/local/samba/sbin/smbldap-groupmod.pl -m '%g' '%u'
  doing parameter delete user from group script = /usr/local/samba/sbin/smbldap-groupmod.pl -x '%g' '%u'
  doing parameter set primary group script = /usr/local/samba/sbin/smbldap-usermod.pl -g '%g' '%u'
  doing parameter add machine script = /usr/local/samba/sbin/smbldap-useradd.pl -w '%u'
  doing parameter domain logons = Yes
  doing parameter os level = 35
  doing parameter preferred master = Yes
  doing parameter domain master = Yes
  doing parameter local master = Yes
  doing parameter ldap suffix = dc=strozllc,dc=com
  doing parameter ldap machine suffix = ou=People
  doing parameter ldap user suffix = ou=People
  doing parameter ldap group suffix = ou=People
  doing parameter ldap idmap suffix = ou=People
  doing parameter ldap admin dn = cn=Manager,dc=strozllc,dc=com
  doing parameter ldap ssl = yes
  doing parameter ldap passwd sync = Yes
  doing parameter idmap uid = 15000-20000
  doing parameter idmap gid = 15000-20000
  doing parameter winbind separator = +
[2004/12/30 13:12:06, 4] param/loadparm.c:lp_load(3933)
  pm_process() returned Yes
[2004/12/30 13:12:06, 3] lib/util.c:interpret_addr(1135)
  sys_gethostbyname: Unknown host. eth0
[2004/12/30 13:12:06, 2] lib/interface.c:interpret_interface(128)
  can't determine netmask for eth0
[2004/12/30 13:12:06, 2] lib/interface.c:add_interface(79)
  added interface ip=10.1.0.143 bcast=10.1.0.255 nmask=255.255.255.0
[2004/12/30 13:12:06, 2] lib/smbldap.c:smbldap_search_domain_info(1373)
  Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=STROZTEST))]
[2004/12/30 13:12:06, 2] lib/smbldap.c:smbldap_open_connection(692)
  smbldap_open_connection: connection opened
[2004/12/30 13:12:06, 3] lib/smbldap.c:smbldap_connect_system(858)
  ldap_connect_system: succesful connection to the LDAP server
[2004/12/30 13:12:06, 4] lib/smbldap.c:smbldap_open(909)
  The LDAP server is succesfully connected
[2004/12/30 13:12:06, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2117)
  ldapsam_getgroup: Did not find group
[2004/12/30 13:12:06, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2117)
  ldapsam_getgroup: Did not find group
[2004/12/30 13:12:06, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2117)
  ldapsam_getgroup: Did not find group
[2004/12/30 13:12:06, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2117)
  ldapsam_getgroup: Did not find group
[2004/12/30 13:12:06, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2117)
  ldapsam_getgroup: Did not find group
[2004/12/30 13:12:06, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2117)
  ldapsam_getgroup: Did not find group
[2004/12/30 13:12:06, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2117)
  ldapsam_getgroup: Did not find group
[2004/12/30 13:12:06, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2117)
  ldapsam_getgroup: Did not find group
[2004/12/30 13:12:06, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2117)
  ldapsam_getgroup: Did not find group
[2004/12/30 13:12:06, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2117)
  ldapsam_getgroup: Did not find group
[2004/12/30 13:12:06, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2117)
  ldapsam_getgroup: Did not find group
[2004/12/30 13:12:06, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2117)
  ldapsam_getgroup: Did not find group
[2004/12/30 13:12:06, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2117)
  ldapsam_getgroup: Did not find group
[2004/12/30 13:12:06, 2] utils/net.c:main(859)
  return code = -1


David Sonenberg
Systems / Network Administrator
Stroz Friedberg, LLC
15 Maiden Lane, Suite 1208
New York, NY  10038
212.981.6527 (o)  |  917.495.4918 (c)

-----Original Message-----
From: Adam Tauno Williams [mailto:adam at morrison-ind.com] 
Sent: Thursday, December 30, 2004 12:42 PM
To: David Sonenberg
Cc: samba at lists.samba.org
Subject: Re: [Samba] PDC + LDAP group mappings

> Alright now that samba can talk to LDAP I have a blank slate.  I know 
> I need to setup group mappings, but I'm a little confused about this.
> Since it's an ldap backend do the groups need to have unix
> counterparts?

Yes, it is group mapping; you must have a group to map to.

> Should I use the net groupmap command to add the mappings or should I 
> use an LDIF file?

You must use net groupmap unless you want to calculate the SIDs/RIDs
yourself.


