[Samba] Re: group add and groupmap with ldapsam

Jim C. jcllings at javahop.com
Fri Jul 9 19:29:35 GMT 2004


Have you used this yet?:

smbpasswd -w [place managers password here]

If I were you, I would let smbldap-populate sort out the built-in and
well-known users and groups.  Be warned of the following when using
these however:

I've found that smbldap-populate REQUIRES settings for userSmbHome and
userProfile but the scripts are not flexible enough to properly deal
with these settings anyway.  In the short term, this is just a problem
with the Administrator account as it is the only user added by
smbldap-populate. The rest are all group maps. What I do is set
userSmbHome and userProfile in smbldap_conf.pm to something, run
smbldap-populate, fix the broken userSmbHome and userProfile in the
Administrator's user account record using gq and then comment
userSmbHome and userProfile out in smbldap_conf.pm.  This means that
future users will have blank settings for these and so the default
settings in smb.conf will be used instead. Note that on my setup ALL
users have blank userSmbHome and userProfile settings so that the
defaults will be used.

When you run the script you may get errors because some things have
already been created.  This is fine *if* they were created properly:

| [root@enigma samba]# smbldap-populate
| Using builtin directory structure
| adding new entry: dc=j9starr,dc=net
| failed to add entry: Already exists at /usr/bin/smbldap-populate line 323, <GEN1> line 2.
| adding new entry: ou=People,dc=j9starr,dc=net
| failed to add entry: Already exists at /usr/bin/smbldap-populate line 323, <GEN1> line 3.
| ...

So it tried to create the base "dc=j9starr,dc=net" and then it tried to
create ou=People,dc=j9starr,dc=net but it failed because I've already
got those set up.

After this, all you have to remember is that users must belong to the
"Domain Users" group and that administrators belong to the "Domain
Admins" group.

If you are not using it, make sure you comment out this line in smb.conf:
    username map = /etc/samba/smbusers

If you are using it, be warned that you don't want to re-map any of the
newly created accounts or groups.  You'll get errors. I think this map
is really just for folks who want to use files for storing users, anyway.


Jim C.


andreas burger wrote:

| hello,
|
| trying to set up a pdc with 3.0.4 on solaris with openldap
|
| creating groups and adding groupmaps does not work.
|
| net group add asks the password for the ldap-manager, comes back without
| any message, but the group does not exist after that.
|
| if i try to make a groupmap without adding a wingroup first, the result
| is the following (no question for the password!)
|
| /usr/local/samba/bin/net groupmap add ntgroup=ttgruppe unixgroup=tt type=d rid=552
| [2004/07/09 11:12:18, 3] param/loadparm.c:lp_load(3877)
|   lp_load: refreshing parameters
| ...
| [2004/07/09 11:12:18, 4] passdb/pdb_ldap.c:ldapsam_getgroup(1898)
|   ldapsam_getgroup: Did not find group
| [2004/07/09 11:12:18, 4] passdb/pdb_ldap.c:ldapsam_getgroup(1898)
|   ldapsam_getgroup: Did not find group
| [2004/07/09 11:12:18, 4] passdb/pdb_ldap.c:ldapsam_getgroup(1898)
|   ldapsam_getgroup: Did not find group
| adding entry for group ttgruppe failed!
| [2004/07/09 11:12:18, 2] utils/net.c:main(792)
|   return code = -1
|
| unix-passwd-base is nis+
|
|
| snippet from samba-conf:
| ...
| passdb backend = ldapsam:ldaps://localhost
| ldap admin dn = "cn=Manager,dc=agrl,dc=ethz"
| ldap idmap suffix =
| ldap group suffix = ou=groups
| ldap user suffix = ou=people
| ldap machine suffix =
| ldap suffix = dc=agrl,dc=ethz
|
|
| so first: any hints?
|
| and second: i am still searching for a detailed description about
| groups in a samba-pdc-domain.
|
|
| thanks for any hint andreas


--

-----------------------------------------------------------------
| I can be reached on the following Instant Messenger services: |
|---------------------------------------------------------------|
| MSN: j_c_llings at hotmail.com  AIM: WyteLi0n  ICQ: 123291844 |
|---------------------------------------------------------------|
| Y!: j_c_llings               Jabber: jcllings at njs.netlab.cz |
-----------------------------------------------------------------
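
Added example, not part of the original message and not code from smbldap-tools: a small Python filter for the smbldap-populate output discussed in the reply above. It sorts entries into added, already existing (the ones to check by hand, since they are only fine if they were created properly) and failed for another reason. The sample output is constructed from the lines quoted in the message; the `Insufficient access` line, the `ou=Groups` entries and the function name `classify` are assumptions.

```python
import re

# Constructed sample. The first five lines follow the output quoted in the
# message; the remaining entries are made up to show the other outcomes.
SAMPLE = """\
Using builtin directory structure
adding new entry: dc=j9starr,dc=net
failed to add entry: Already exists at /usr/bin/smbldap-populate line 323, <GEN1> line 2.
adding new entry: ou=People,dc=j9starr,dc=net
failed to add entry: Already exists at /usr/bin/smbldap-populate line 323, <GEN1> line 3.
adding new entry: ou=Groups,dc=j9starr,dc=net
adding new entry: cn=Domain Admins,ou=Groups,dc=j9starr,dc=net
failed to add entry: Insufficient access at /usr/bin/smbldap-populate line 323, <GEN1> line 5.
"""

ADD = re.compile(r"^adding new entry: (?P<dn>.+)$")
FAIL = re.compile(r"^failed to add entry: (?P<reason>.+?) at \S+ line \d+")


def classify(output):
    """Return {'added': [dn], 'exists': [dn], 'failed': [(dn, reason)]}."""
    result = {"added": [], "exists": [], "failed": []}
    pending = None  # DN announced by the script, outcome not yet seen
    for line in output.splitlines():
        line = line.strip()
        m = ADD.match(line)
        if m:
            if pending is not None:
                # No failure line followed the previous entry: it was added.
                result["added"].append(pending)
            pending = m.group("dn")
            continue
        m = FAIL.match(line)
        if m and pending is not None:
            reason = m.group("reason")
            if reason == "Already exists":
                result["exists"].append(pending)  # verify these by hand
            else:
                result["failed"].append((pending, reason))
            pending = None
    if pending is not None:
        result["added"].append(pending)
    return result


if __name__ == "__main__":
    for kind, entries in classify(SAMPLE).items():
        print(kind, entries)
```
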


