[Samba] problems with group mappings with ldap

John H. mrmailer at myway.com
Tue Jan 27 00:44:01 GMT 2004


the weirdness continues

 net groupmap modify ntgroup="Domain Admins" unixgroup="ntadmin"
NT Group Domain Admins doesn't exist in mapping DB




 --- On Mon 01/26, John H. < mrmailer at myway.com > wrote:
From: John H. [mailto: mrmailer at myway.com]
To: samba at lists.samba.org
Date: Mon, 26 Jan 2004 17:40:49 -0500 (EST)
Subject: Re: [Samba] net: ../../../libraries/liblber/decode.c:644: ber_scanf: Assertion `((ber)->ber_opts.lbo_valid==0x2)' failed.

<br>i thought i had, but apparently not, so i did that and this is what i have now(as you can see, there are two entries)<br><br><br>net groupmap list -s /etc/samba/smb.ldap<br>Domain Admins (S-1-5-21-4070452498-3149834983-2923667569-512) -> 512<br>Domain Guests (S-1-5-21-4070452498-3149834983-2923667569-514) -> 514<br>Administrators (S-1-5-21-4070452498-3149834983-2923667569-544) -> 544<br>Guests (S-1-5-21-4070452498-3149834983-2923667569-546) -> 546<br>Power Users (S-1-5-21-4070452498-3149834983-2923667569-547) -> 547<br>Account Operators (S-1-5-21-4070452498-3149834983-2923667569-548) -> 548<br>Server Operators (S-1-5-21-4070452498-3149834983-2923667569-549) -> 549<br>Print Operators (S-1-5-21-4070452498-3149834983-2923667569-550) -> 550<br>Backup Operators (S-1-5-21-4070452498-3149834983-2923667569-551) -> 551<br>Replicator (S-1-5-21-4070452498-3149834983-2923667569-552) -> 552<br>Domain Computers (S-1-5-21-4070452498-3149834983-2923667569-553) -> 553<br>Domain Admins (S-1-5-21-4070452498-3149834983-2923667569-512) -> ntadmin<br><br><br>is that ok?<br><br>I wanted to add Domain Power users, and did this...<br><br><br> net groupmap add ntgroup="Domain Power Users" unixgroup=users sid=S-1-5-21-4070452498-3149834983-2923667569-1201 -s /etc/samba/smb.ldap<br><br>adding entry for group Domain Power Users failed!<br><br><br>debugging says...(do i need to add it another way?)<br><br>[2004/01/26 16:40:21, 5] passdb/pdb_interface.c:make_pdb_methods_name(431)<br>  Attempting to find an passdb backend to match ldapsam:ldap://127.0.0.1 (ldapsam)<br>[2004/01/26 16:40:21, 5] passdb/pdb_interface.c:make_pdb_methods_name(452)<br>  Found pdb backend ldapsam<br>[2004/01/26 16:40:21, 2] lib/smbldap.c:smbldap_search_domain_info(1295)<br>  Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=LAMP))]<br>[2004/01/26 16:40:21, 2] lib/smbldap.c:smbldap_search_suffix(1066)<br>  smbldap_search_suffix: searching for:[(&(objectClass=sambaDomain)(sambaDomainName=LAMP))]<br>[2004/01/26 16:40:21, 10] lib/smbldap.c:smbldap_open_connection(527)<br>  smbldap_open_connection: ldap://127.0.0.1<br>[2004/01/26 16:40:21, 2] lib/smbldap.c:smbldap_open_connection(623)<br>  smbldap_open_connection: connection opened<br>[2004/01/26 16:40:21, 10] lib/smbldap.c:smbldap_connect_system(750)<br>  ldap_connect_system: Binding to ldap server ldap://127.0.0.1 as "cn=Manager,dc=INTRANET"<br>[2004/01/26 16:40:21, 3] lib/smbldap.c:smbldap_connect_system(785)<br>  ldap_connect_system: succesful connection to the LDAP server<br>[2004/01/26 16:40:21, 4] lib/smbldap.c:smbldap_open(836)<br>  The LDAP server is succesful connected<br>[2004/01/26 16:40:21, 5] passdb/pdb_interface.c:make_pdb_methods_name(455)<br>  pdb backend ldapsam:ldap://127.0.0.1 has a valid init<br>[2004/01/26 16:40:21, 5] passdb/pdb_interface.c:make_pdb_methods_name(431)<br>  Attempting to find an passdb backend to match guest (guest)<br>[2004/01/26 16:40:21, 5] passdb/pdb_interface.c:make_pdb_methods_name(452)<br>  Found pdb backend guest<br>[2004/01/26 16:40:21, 5] passdb/pdb_interface.c:make_pdb_methods_name(455)<br>  pdb backend guest has a valid init<br>[2004/01/26 16:40:21, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1597)<br>  ldapsam_search_one_group: searching for:[(&(objectClass=sambaGroupMapping)(gidNumber=4294967295))]<br>[2004/01/26 16:40:21, 4] passdb/pdb_ldap.c:ldapsam_getgroup(1742)<br>  ldapsam_getgroup: Did not find group<br>[2004/01/26 16:40:21, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1597)<br>  ldapsam_search_one_group: searching for:[(&(objectClass=posixGroup)(gidNumber=4294967295))]<br>[2004/01/26 16:40:21, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1597)<br>  ldapsam_search_one_group: searching for:[(&(objectClass=sambaGroupMapping)(gidNumber=4294967295))]<br>[2004/01/26 16:40:21, 4] passdb/pdb_ldap.c:ldapsam_getgroup(1742)<br>  ldapsam_getgroup: Did not find group<br>[2004/01/26 16:40:21, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1597)<br>  ldapsam_search_one_group: searching for:[(&(objectClass=posixGroup)(gidNumber=4294967295))]<br>[2004/01/26 16:40:21, 2] pas
 sdb/pdb_ldap.c:ldapsam_search_one_group(1597)<br>  ldapsam_search_one_group: searching for:[(&(objectClass=sambaGroupMapping)(gidNumber=4294967295))]<br>[2004/01/26 16:40:21, 4] passdb/pdb_ldap.c:ldapsam_getgroup(1742)<br>  ldapsam_getgroup: Did not find group<br>[2004/01/26 16:40:21, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1597)<br>  ldapsam_search_one_group: searching for:[(&(objectClass=posixGroup)(gidNumber=4294967295))]<br>[2004/01/26 16:40:21, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1597)<br>  ldapsam_search_one_group: searching for:[(&(objectClass=sambaGroupMapping)(gidNumber=4294967295))]<br>[2004/01/26 16:40:21, 4] passdb/pdb_ldap.c:ldapsam_getgroup(1742)<br>  ldapsam_getgroup: Did not find group<br>[2004/01/26 16:40:21, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1597)<br>  ldapsam_search_one_group: searching for:[(&(objectClass=posixGroup)(gidNumber=4294967295))]<br>[2004/01/26 16:40:21, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1597)<br>  ldapsam_search_one_group: searching for:[(&(objectClass=sambaGroupMapping)(gidNumber=4294967295))]<br>[2004/01/26 16:40:21, 4] passdb/pdb_ldap.c:ldapsam_getgroup(1742)<br>  ldapsam_getgroup: Did not find group<br>[2004/01/26 16:40:21, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1597)<br>  ldapsam_search_one_group: searching for:[(&(objectClass=posixGroup)(gidNumber=4294967295))]<br>[2004/01/26 16:40:21, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1597)<br>  ldapsam_search_one_group: searching for:[(&(objectClass=sambaGroupMapping)(gidNumber=4294967295))]<br>[2004/01/26 16:40:21, 4] passdb/pdb_ldap.c:ldapsam_getgroup(1742)<br>  ldapsam_getgroup: Did not find group<br>[2004/01/26 16:40:21, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1597)<br>  ldapsam_search_one_group: searching for:[(&(objectClass=posixGroup)(gidNumber=4294967295))]<br>[2004/01/26 16:40:21, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1597)<br>  ldapsam_search_one_group: searching for:[(&(objectClass=sambaGroupMapping)(gidNumber=4294967295))]<br>[2004/01/26 16:40:21, 4] passdb/pdb_ldap.c:ldapsam_getgroup(1742)<br>  ldapsam_getgroup: Did not find group<br>[2004/01/26 16:40:21, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1597)<br>  ldapsam_search_one_group: searching for:[(&(objectClass=posixGroup)(gidNumber=4294967295))]<br>[2004/01/26 16:40:21, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1597)<br>  ldapsam_search_one_group: searching for:[(&(objectClass=sambaGroupMapping)(gidNumber=4294967295))]<br>[2004/01/26 16:40:21, 4] passdb/pdb_ldap.c:ldapsam_getgroup(1742)<br>  ldapsam_getgroup: Did not find group<br>[2004/01/26 16:40:21, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1597)<br>  ldapsam_search_one_group: searching for:[(&(objectClass=posixGroup)(gidNumber=4294967295))]<br>[2004/01/26 16:40:21, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1597)<br>  ldapsam_search_one_group: searching for:[(&(objectClass=sambaGroupMapping)(gidNumber=4294967295))]<br>[2004/01/26 16:40:21, 4] passdb/pdb_ldap.c:ldapsam_getgroup(1742)<br>  ldapsam_getgroup: Did not find group<br>[2004/01/26 16:40:21, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1597)<br>  ldapsam_search_one_group: searching for:[(&(objectClass=posixGroup)(gidNumber=4294967295))]<br>[2004/01/26 16:40:21, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1597)<br>  ldapsam_search_one_group: searching for:[(&(objectClass=sambaGroupMapping)(gidNumber=4294967295))]<br>[2004/01/26 16:40:21, 4] passdb/pdb_ldap.c:ldapsam_getgroup(1742)<br>  ldapsam_getgroup: Did not find group<br>[2004/01/26 16:40:21, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1597)<br>  ldapsam_search_one_group: searching for:[(&(objectClass=posixGroup)(gidNumber=4294967295))]<br>[2004/01/26 16:40:21, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1597)<br>  ldapsam_search_one_group: searching for:[(&(objectClass=sambaGroupMapping)(gidNumber=4294967295))]<br>[2004/01/26 16:40:21, 4] passdb/pdb_ldap.c:ldapsam_getgroup(1742)<br>  ldapsam_getgroup: Did not find group<br>[2004/01/26 16:40:21, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1597)<br>  ldapsam_search_one_group
 : searching for:[(&(objectClass=posixGroup)(gidNumber=4294967295))]<br>[2004/01/26 16:40:21, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1597)<br>  ldapsam_search_one_group: searching for:[(&(objectClass=sambaGroupMapping)(gidNumber=4294967295))]<br>[2004/01/26 16:40:21, 4] passdb/pdb_ldap.c:ldapsam_getgroup(1742)<br>  ldapsam_getgroup: Did not find group<br>[2004/01/26 16:40:21, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1597)<br>  ldapsam_search_one_group: searching for:[(&(objectClass=posixGroup)(gidNumber=4294967295))]<br>[2004/01/26 16:40:21, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1597)<br>  ldapsam_search_one_group: searching for:[(&(objectClass=sambaGroupMapping)(gidNumber=100))]<br>[2004/01/26 16:40:21, 4] passdb/pdb_ldap.c:ldapsam_getgroup(1742)<br>  ldapsam_getgroup: Did not find group<br>[2004/01/26 16:40:21, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1597)<br>  ldapsam_search_one_group: searching for:[(&(objectClass=posixGroup)(gidNumber=100))]<br>[2004/01/26 16:40:21, 10] intl/lang_tdb.c:lang_tdb_init(135)<br>adding entry for group Domain Power Users failed!<br>  lang_tdb_init: /usr/lib/samba/en_US.UTF-8.msg: No such file or directoryreturn code = -1<br><br><br><br><br> --- On Mon 01/26, Gerald (Jerry) Carter < jerry at samba.org > wrote:<br>From: Gerald (Jerry) Carter [mailto: jerry at samba.org]<br>To: mrmailer at myway.com<br>     Cc: samba at lists.samba.org<br>Date: Mon, 26 Jan 2004 16:27:49 -0600<br>Subject: Re: [Samba] net: ../../../libraries/liblber/decode.c:644: ber_scanf: Assertion `((ber)->ber_opts.lbo_valid==0x2)' failed.<br><br>-----BEGIN PGP SIGNED MESSAGE-----<br>Hash: SHA1<br><br>John H. wrote:<br><br>| net-3.2 groupmap modify ntgroup="Domain Admins" unixgroup="ntadmin"<br>|   -s /etc/samba/smb.ldap<br>|   ldapsam_update_group_mapping_entry: failed to<br>|   modify group 504 error: attribute 'sambaSID' not<br>|   allowed (Object class violation)<br>|   Could not update group database<br><br>Do you already have a group mapping in LDAP ?  If not,<br>use 'net groupmap add' instead of modify.<br><br><br><br><br>cheers, jerry<br>-----BEGIN PGP SIGNATURE-----<br>Version: GnuPG v1.2.1 (GNU/Linux)<br>Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org<br><br>iD8DBQFAFZRlIR7qMdg1EfYRAkeOAJ9mDl2xJxO9JQ44xrtJQHDINth6lgCcCenf<br>KcE/o0YF616z7BDWUM0QmNQ=<br>=3Uun<br>-----END PGP SIGNATURE-----<br><br><br><br>_______________________________________________<br>No banners. No pop-ups. No kidding.<br>Introducing My Way - http://www.myway.com<br>-- <br>To unsubscribe from this list go to the following URL and read the<br>instructions:  http://lists.samba.org/mailman/listinfo/samba<br>

_______________________________________________
No banners. No pop-ups. No kidding.
Introducing My Way - http://www.myway.com


More information about the samba mailing list