[Samba] Group Mapping Problems with Samba 3.0.2a & OpenLDAP 2.2.6

Chris Slack christopher.slack at mercyships.org
Mon Mar 15 13:58:34 GMT 2004

Hello all,

I am attempting to set up a Samba 3.0.2a based PDC using OpenLDAP 2.2.6 for
my user/group authentication backend.  So far everything seems to be working
properly: I can join the domain from a Win2k PC, log in via an account
created with smbldap-useradd.pl, map my home directory, run the proper login
script, etc.  However, with all of that working I'm still having
difficulties getting group mapping to work.

I've run through the steps in the Samba HOWTO manual and tried everything
else I could find on the web but I'm stumped at this point.

When I type:

    net groupmap list

I get nothing. When I type:

    net groupmap add rid=512 ntgroup="Domain Admins" unixgroup="Domain

I get the message "adding entry for group Domain Admins failed!".  I've
tried several permutations of this using different groups, and I've tried adding
groups to the local /etc/group file to see if it was having an issue with
LDAP, but nothing seems to help.  I can't seem to find anyone else who has
had this problem and, like I said, everything else is working fine.  Attached
to the bottom of this message is a dump from testparm with the details of my
/etc/samba/smb.conf file.

Please let me know if anyone can give me any suggestions.


Chris Slack
IT System Administrator
Mercy Ships
M/V Anastasis - Currently docked in Freetown, Sierra Leone, West Africa


[root@herm2 /etc]# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[nobody]"
Processing section "[netlogon]"
Processing section "[Profiles]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

# Global parameters
[global]
        workgroup = CHANNEL
        server string = Samba Server
        null passwords = Yes
        passdb backend = ldapsam:ldap://
        passwd program = /usr/local/sbin/smbldap-passwd.pl -o %u
        passwd chat = *New*password* %n\n *ReType*new*password* %n\n
        unix password sync = Yes
        log file = /var/log/samba/log.%m
        max log size = 50
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        add user script = /usr/local/sbin/smbldap-useradd.pl -m -d /dev/null -g 553 -s /bin/false %u
        add machine script = /usr/local/sbin/smbldap-useradd.pl -m -d /dev/null -g 553 -s /bin/false %u
        logon script = login.js
        logon path = \\%L\Profiles\%U
        logon drive = X:
        domain logons = Yes
        os level = 64
        preferred master = Yes
        domain master = Yes
        dns proxy = No
        wins support = Yes
        ldap port = 389
        ldap suffix = "ou=MSAN,dc=ana,dc=mercyships,dc=org"
        ldap admin dn = "cn=Manager,dc=ana,dc=mercyships,dc=org"
        ldap ssl = no

[homes]
        comment = Home Directories
        read only = No
        browseable = No

[nobody]
        comment = to prevent from user nobody from having a home share
        path = /dev/null
        browseable = No

[netlogon]
        comment = Network Logon Service
        path = /msu/netlogon
        browseable = No
        share modes = No
        root preexec = /usr/local/bin/mkuserconfig.pl %U
        root postexec = rm /msu/netlogon/%U.conf

[Profiles]
        path = /msu1/Profiles
        read only = No
        create mask = 0600
        directory mask = 0700
        guest ok = Yes
        browseable = No
