[Samba] re:ldap group mapping problems

John H. mrmailer at myway.com
Tue Jan 27 05:25:41 GMT 2004

Well, they both have the same SID, for some bizarre reason.

net groupmap list -s /etc/samba/smb.ldap |grep "Admin"
Domain Admins (S-1-5-21-4070452498-3149834983-2923667569-512) -> 512
Administrators (S-1-5-21-4070452498-3149834983-2923667569-544) -> 544
Domain Admins (S-1-5-21-4070452498-3149834983-2923667569-512) -> ntadmin

And see, it has a posixGroup entry?

# LDIF Export for: cn=Domain Power Users,ou=Group,dc=INTRANET
# Generated by phpLDAPadmin on January 26, 2004 11:19 pm
# Server: LROL LDAP Server (
# Search Scope: base
# Total entries: 1
# Entry 1: cn=Domain Power Users,ou=Group,dc=INTRANET
dn: cn=Domain Power Users,ou=Group,dc=INTRANET
objectClass: posixGroup
gidNumber: 513
cn: Domain Power Users

which I am trying to map to this:
# Entry 1: cn=users,ou=Group,dc=INTRANET
dn: cn=users,ou=Group,dc=INTRANET
cn: users
userPassword: {crypt}x
gidNumber: 539
objectClass: top
objectClass: posixGroup
objectClass: phpgwAccount
phpgwAccountStatus: A
phpgwAccountType: g
phpgwAccountExpires: -1

So users in "users" will have, obviously, Domain Power User status on NT machines (this is the way I had it set up with smbpasswd).

--- On Mon 01/26, Gerald (Jerry) Carter < jerry at samba.org > wrote:
From: Gerald (Jerry) Carter [mailto: jerry at samba.org]
To: mrmailer at myway.com
Cc: samba at lists.samba.org
Date: Mon, 26 Jan 2004 20:17:28 -0600 (CST)
Subject: Re: [Samba] net: ../../../libraries/liblber/decode.c...

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 26 Jan 2004, John H. wrote:

> I thought I had, but apparently not, so I did that and this is what I
> have now (as you can see, there are two entries)
>
> net groupmap list -s /etc/samba/smb.ldap
> Power Users (S-1-5-21-4070452498-3149834983-2923667569-547) -> 547
....
> is that ok?

As long as you remember that different SIDs == different groups from a
Windows client perspective.

> I wanted to add Domain Power users, and did this...
>
>
> net groupmap add ntgroup="Domain Power Users" \
>   unixgroup=users \
>   sid=S-1-5-21-4070452498-3149834983-2923667569-1201 \
>   -s /etc/samba/smb.ldap
>
> adding entry for group Domain Power Users failed!

If you don't have a posixGroup entry in your LDAP Directory, then
the add will fail.  We don't support mapping an LDAP entry to a
local UNIX group.  It all has to be in the directory service.

cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/

iD8DBQFAFco9IR7qMdg1EfYRApDBAJ9oX0mUUIUx8IJoiSpksenkavdxkgCfRxxG
9Aed+P2m4WeKhrPPLgS3qYc=
=Wu3d
-----END PGP SIGNATURE-----
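The listing at the top of this thread shows one SID (Domain Admins, RID 512) mapped to two Unix groups. As an added example, not part of the original messages or of Samba, this Python script parses `net groupmap list` output and reports SIDs mapped to more than one Unix group, plus every Unix group that holds an administrative RID. The sample input is copied from the lines quoted in the thread; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the mapping lines quoted in this thread.
SAMPLE = """\
Power Users (S-1-5-21-4070452498-3149834983-2923667569-547) -> 547
Domain Admins (S-1-5-21-4070452498-3149834983-2923667569-512) -> 512
Administrators (S-1-5-21-4070452498-3149834983-2923667569-544) -> 544
Domain Admins (S-1-5-21-4070452498-3149834983-2923667569-512) -> ntadmin
"""

# One mapping per line: NT group name (SID) -> Unix group
LINE_RE = re.compile(r"^(?P<nt>.+?) \((?P<sid>S-1-[\d-]+)\) -> (?P<unix>\S.*)$")

# RIDs of the administrative groups that appear in the thread's listing.
PRIVILEGED_RIDS = {"512": "Domain Admins", "544": "Administrators"}


def parse_groupmap(text):
    """Return (nt_name, sid, unix_group) tuples for every mapping line."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # skip blank lines and anything that is not a mapping
            entries.append((m["nt"], m["sid"], m["unix"]))
    return entries


def audit(entries):
    """Return (SIDs with several Unix groups, Unix groups holding admin RIDs)."""
    by_sid = defaultdict(set)
    privileged = set()
    for _nt, sid, unix in entries:
        by_sid[sid].add(unix)
        rid = sid.rsplit("-", 1)[1]  # last SID component is the RID
        if rid in PRIVILEGED_RIDS:
            privileged.add((unix, PRIVILEGED_RIDS[rid]))
    duplicates = {s: sorted(g) for s, g in by_sid.items() if len(g) > 1}
    return duplicates, sorted(privileged)


if __name__ == "__main__":
    dups, priv = audit(parse_groupmap(SAMPLE))
    for sid, groups in dups.items():
        print(f"SID {sid} is mapped to several Unix groups: {', '.join(groups)}")
    for unix, role in priv:
        print(f"Unix group {unix!r} carries {role} rights")
```

On a live server, pass the captured output of `net groupmap list` to `parse_groupmap` in place of `SAMPLE`.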

