[Samba] still trying to get groupmap details worked through

Craig White craigwhite at azapple.com
Thu Feb 12 03:37:48 GMT 2004

Red Hat AS 3 - samba 3.0.0

I am confused by the errors in these logs - can anyone clarify what, if
anything, I am doing wrong?

PDC (LDAP Master - aka linserv2) /var/log/samba/dell-4348
[2004/02/10 08:17:29, 0] groupdb/mapping.c:init_group_mapping(139)
  Failed to open group mapping database
[2004/02/10 08:17:29, 0]

BDC (LDAP Slave - aka linserv1) /var/log/samba/dell-4348
[2004/02/11 16:34:31, 0]
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error: 
(Insufficient access)smbldap_open: cannot access LDAP when not root..

Brief as possible - conf. data follows...

/etc/samba/smb.conf (PDC - LDAP master)
passdb backend = ldapsam:ldap://localhost/
ldap suffix = o=Domain,c=US
ldap passwd sync = Yes
ldap admin dn = cn=root,o=Domain,c=US

/etc/samba/smb.conf (BDC - LDAP slave)
passdb backend = ldapsam:"ldap://localhost/
ldap suffix = o=Domain,c=US
ldap passwd sync = Yes
ldap admin dn = cn=admin,o=Domain,c=US

net groupmap list (output on both PDC & BDC is the same)
Super Admin (S-1-5-21-1292501092-333717336-619646970-1512) -> root
Users All (S-1-5-21-1292501092-333717336-619646970-1500) -> users-all
Users PR (S-1-5-21-1292501092-333717336-619646970-1502) -> users-pr
Users ADV (S-1-5-21-1292501092-333717336-619646970-1503) -> users-adv
Users Acctg (S-1-5-21-1292501092-333717336-619646970-1504) ->
Users Web (S-1-5-21-1292501092-333717336-619646970-1505) -> users-web
Users Remote (S-1-5-21-1292501092-333717336-619646970-1506) ->
MTS Impersonators (S-1-5-21-1292501092-333717336-619646970-1003) -> MTS
WWW access (S-1-5-21-1292501092-333717336-619646970-1015) -> WWW access
Account Operators (S-1-5-32-548) -> Account Operators
Guests (S-1-5-32-546) -> Guests
Server Operators (S-1-5-32-549) -> Server Operators
Domain Admins (S-1-5-21-1292501092-333717336-619646970-512) -> Domain
Domain Users (S-1-5-21-1292501092-333717336-619646970-513) -> Domain
Domain Guests (S-1-5-21-1292501092-333717336-619646970-514) -> Domain
Accounting (S-1-5-21-1292501092-333717336-619646970-1008) -> Accounting
Public Relations (S-1-5-21-1292501092-333717336-619646970-1021) -> Public Relations
Macintosh Users (S-1-5-21-1292501092-333717336-619646970-1049) -> Macintosh Users
Administrators (S-1-5-32-544) -> Administrators
Print Operators (S-1-5-32-550) -> Print Operators
Domain Computers (S-1-5-21-1292501092-333717336-619646970-553) -> Domain
Replicator (S-1-5-32-552) -> Replicator
Backup Operators (S-1-5-32-551) -> Backup Operators

Users 'primary posix group' is users-all
Users 'primary samba group' is "Domain Users"

The user logged in at dell-4348 (typical of users) looks like this from
LDAP query:

# khageman, People, Domain, US
dn: uid=khageman,ou=People,o=Domain,c=US
gecos: System User
description: System User
displayName: Kelly Hageman
sambaPwdLastSet: 1074451596
sambaPwdCanChange: 1074451596
sambaPwdMustChange: 2147483647
sambaProfilePath: \\linserv1\profiles\khageman
sambaLogonScript: users-pr.bat
cn: Kelly Hageman
uidNumber: 1024
sambaPrimaryGroupSID: S-1-5-21-1292501092-333717336-619646970-513
sambaAcctFlags: [U          ]
mail: khageman at domain.com
sambaLMPassword: ---REMOVED----
uid: khageman
sambaHomePath: \\linserv2\homes\khageman
homeDirectory: /home/users/khageman
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
sambaDomainName: DOMAIN
gidNumber: 1000
sambaSID: S-1-5-21-1292501092-333717336-619646970-1092
sambaNTPassword: ---REMOVED----
sn: Hageman
givenName: Kelley
loginShell: /bin/false
userPassword:: ---REMOVED----

