[Samba] Re: Regarding net groupmap

Fri Jul 9 19:39:10 GMT 2004

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Tom Skeren wrote:

| Well, my Samba 3.0.4 is joined to a w2k AD and works fairly well so far,
| as it's not in a production environment yet.  I am now testing it for
| such a release and have encountered a permission problem.  Unless I
| chmod -R 777 the Samba share directroy, users can only read files on the
| share, including the ADS users in Domain Admins.  Reading the Samba
| online manual, I figured the groupmap function would solve this.  I did
| as the manual suggested and got teh following errors:
|
|> fskkweb# net groupmap add ntgroup="Domain Admins" unixgroup=domadm
|> No rid or sid specified, choosing algorithmic mapping

Some users and groups have fixed rid's (i.e. they are the same
everywhere).  These are all the basic well-known ones like "Guest",
"Administrator" etc.  If you look you'll find a table of these.  Search
through "The official samba 3 howto guid and reference".

You need to set the rid for a Domain Admin group.  It is 500.
net groupmap add rid=500 ntgroup="Domain Admins" unixgroup=domadm

|> [2004/07/09 08:54:36, 0] lib/smbldap.c:fetch_ldap_pw(260)
|>  fetch_ldap_pw: neither ldap secret retrieved!
|> [2004/07/09 08:54:36, 0] lib/smbldap.c:smbldap_connect_system(760)
|>  ldap_connect_system: Failed to retrieve password from secrets.tdb

You haven't set the password and dn that samba will use to talk to the
ldap database with in secrets.tdb file yet.
smbpasswd -w [place ldap managers password here]

|> [2004/07/09 08:54:36, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1763)
|>  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:
|> (unknown) (Invalid credentials)
|> [2004/07/09 08:54:36, 0] lib/smbldap.c:fetch_ldap_pw(260)
|>  fetch_ldap_pw: neither ldap secret retrieved!
|> [2004/07/09 08:54:36, 0] lib/smbldap.c:smbldap_connect_system(760)
|>  ldap_connect_system: Failed to retrieve password from secrets.tdb
|> [2004/07/09 08:54:36, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1763)
|>  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:
|> (unknown) (Invalid credentials)
|> [2004/07/09 08:54:36, 0] lib/smbldap.c:fetch_ldap_pw(260)
|>  fetch_ldap_pw: neither ldap secret retrieved!
|> [2004/07/09 08:54:36, 0] lib/smbldap.c:smbldap_connect_system(760)
|>  ldap_connect_system: Failed to retrieve password from secrets.tdb
|> [2004/07/09 08:54:36, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1763)
|>  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:
|> (unknown) (Invalid credentials)
|> [2004/07/09 08:54:36, 0] lib/smbldap.c:fetch_ldap_pw(260)
|>  fetch_ldap_pw: neither ldap secret retrieved!
|> [2004/07/09 08:54:36, 0] lib/smbldap.c:smbldap_connect_system(760)
|>  ldap_connect_system: Failed to retrieve password from secrets.tdb
|> [2004/07/09 08:54:36, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1763)
|>  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:
|> (unknown) (Invalid credentials)
|> [2004/07/09 08:54:36, 0] lib/smbldap.c:fetch_ldap_pw(260)
|>  fetch_ldap_pw: neither ldap secret retrieved!
|> adding entry for group Domain Admins failed!
|>
| This is snipped but the errors repeat over and over for several pages.
| Anyone have any thoughts.
|
| TMS III
|
|
|

- --

- -----------------------------------------------------------------
| I can be reached on the following Instant Messenger services: |
|---------------------------------------------------------------|
| MSN: j_c_llings at hotmail.com  AIM: WyteLi0n  ICQ: 123291844 	|
|---------------------------------------------------------------|
| Y!: j_c_llings               Jabber: jcllings at njs.netlab.cz	|
- -----------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3-nr1 (Windows XP)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFA7vRe57L0B7uXm9oRAiyxAJ0cYU46ntgPL2OTQldWIklz/Y72LQCffjkX
JIzepd5XxJgrgSx5P0/KzRg=
=SqED
-----END PGP SIGNATURE-----