[Samba] Group Mapping Problems with Samba 3.0.2a & OpenLDAP 2.2.6

Clint Sharp clint at typhoon.org
Mon Mar 15 21:52:16 GMT 2004


On Mon, 15 Mar 2004, Chris Slack wrote:

> Hello all,
> 
> I am attempting to setup a Samba 3.0.2a based PDC using OpenLDAP 2.2.6 for
> my user/group authentication backend.  So far everything seems to be working
> properly, I can join the domain from a Win2k PC, login via an account
> created with smbldap-useradd.pl, map my home directory, run the proper login
> script, etc.  However, with all of that working I'm still having
> difficulties getting group mapping to work.
> 
> I've run through the steps in the Samba HOWTO manual and tried everything
> else I could find on the web but I'm stumped at this point.
> 
> When I type:
> 
>     net groupmap list
> 
> I get nothing, when I type:
> 
>     net groupmap add rid=512 ntgroup="Domain Admins" unixgroup="Domain
> Admins"
> 
> I get the message "adding entry for group Domain Admins failed!".  I've
> tried several permutations of this using different groups, I've tried adding
> groups to the local /etc/group file to see if it was having an issue with
> LDAP, but nothing seems to help.  I can't seem to find anyone else who has
> had this problem and like I said, everything else is working fine.  Attached
> to the bottom of this message is a dump from testparm with the details of my
> /etc/samba/smb.conf file.
> 
> Please let me know if anyone can give me any suggestions.
> 
> Thanks,
> 
> Chris Slack
> IT System Administrator
> Mercy Ships
> M/V Anastasis - Currently docked in Freetown, Sierra Leone, West Africa
> www.mercyships.org
> 

Chris,

What do your LDAP logs show samba is sending as the queries?  In the past 
when I've had this problem it was related to my ldap suffix.  User queries 
worked, but group queries did not (I had groups in a seperate ou from 
users).  However, your user and group suffixes are not set in your 
smb.conf, so it's not the exact same problem I had.  Please send me the 
output from a:

net -d3 groupmap list

Clint



More information about the samba mailing list