[Samba] Group Mapping Problems with Samba 3.0.2a & OpenLDAP 2.2.6

Ganael Laplanche ganael.laplanche at martymac.com
Tue Mar 16 15:08:40 GMT 2004


Hi,

Didn't you forget to create a posixGroup entry for the group you're trying to add?

1 - Create your group in /etc/group
groupadd somegroup

2 - Add this entry to your LDAP directory:

dn: cn=somegroup,ou=Groups,dc=domain,dc=com
objectClass: posixGroup
cn: somegroup
gidNumber: 1003

(modify the dn and gid to match your needs...)

Once this entry is added, you should be able to map "somegroup" to any Windows group...

Good luck,

Ganaël LAPLANCHE
ganael.laplanche at martymac.com
http://www.martymac.com
Tel : (+33)6.84.03.57.24.

---------- Original Message -----------
From: "Chris Slack" <christopher.slack at mercyships.org>
To: <samba at lists.samba.org>
Sent: Mon, 15 Mar 2004 13:58:34 -0000
Subject: [Samba] Group Mapping Problems with Samba 3.0.2a & OpenLDAP 2.2.6

> Hello all,
> 
> I am attempting to setup a Samba 3.0.2a based PDC using OpenLDAP 2.2.6 
> for my user/group authentication backend.  So far everything seems to 
> be working properly, I can join the domain from a Win2k PC, login via 
> an account created with smbldap-useradd.pl, map my home directory, run 
> the proper login script, etc.  However, with all of that working I'm 
> still having difficulties getting group mapping to work.
> 
> I've run through the steps in the Samba HOWTO manual and tried everything
> else I could find on the web but I'm stumped at this point.
> 
> When I type:
> 
>     net groupmap list
> 
> I get nothing, when I type:
> 
>     net groupmap add rid=512 ntgroup="Domain Admins" unixgroup="Domain Admins"
> 
> I get the message "adding entry for group Domain Admins failed!".  I've
> tried several permutations of this using different groups, I've tried adding
> groups to the local /etc/group file to see if it was having an issue with
> LDAP, but nothing seems to help.  I can't seem to find anyone else who 
> has had this problem and like I said, everything else is working fine. 
>  Attached to the bottom of this message is a dump from testparm with 
> the details of my /etc/samba/smb.conf file.
> 
> Please let me know if anyone can give me any suggestions.
> 
> Thanks,
> 
> Chris Slack
> IT System Administrator
> Mercy Ships
> M/V Anastasis - Currently docked in Freetown, Sierra Leone, West Africa
> www.mercyships.org
> 
> ----------------------------------------------------------------------------
> 
> [root at herm2 /etc]# testparm
> Load smb config files from /etc/samba/smb.conf
> Processing section "[homes]"
> Processing section "[nobody]"
> Processing section "[netlogon]"
> Processing section "[Profiles]"
> Loaded services file OK.
> Server role: ROLE_DOMAIN_PDC
> Press enter to see a dump of your service definitions
> 
> # Global parameters
> [global]
>         workgroup = CHANNEL
>         server string = Samba Server
>         null passwords = Yes
>         passdb backend = ldapsam:ldap://127.0.0.1/
>         passwd program = /usr/local/sbin/smbldap-passwd.pl -o %u
>         passwd chat = *New*password* %n\n *ReType*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
>         unix password sync = Yes
>         log file = /var/log/samba/log.%m
>         max log size = 50
>         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>         add user script = /usr/local/sbin/smbldap-useradd.pl -m -d /dev/null -g 553 -s /bin/false %u
>         add machine script = /usr/local/sbin/smbldap-useradd.pl -m -d /dev/null -g 553 -s /bin/false %u
>         logon script = login.js
>         logon path = \\%L\Profiles\%U
>         logon drive = X:
>         domain logons = Yes
>         os level = 64
>         preferred master = Yes
>         domain master = Yes
>         dns proxy = No
>         wins support = Yes
>         ldap port = 389
>         ldap suffix = "ou=MSAN,dc=ana,dc=mercyships,dc=org"
>         ldap admin dn = "cn=Manager,dc=ana,dc=mercyships,dc=org"
>         ldap ssl = no
> 
> [homes]
>         comment = Home Directories
>         read only = No
>         browseable = No
> 
> [nobody]
>         comment = to prevent from user nobody from having a home share
>         path = /dev/null
>         browseable = No
> 
> [netlogon]
>         comment = Network Logon Service
>         path = /msu/netlogon
>         browseable = No
>         share modes = No
>         root preexec = /usr/local/bin/mkuserconfig.pl %U
>         root postexec = rm /msu/netlogon/%U.conf
> 
> [Profiles]
>         path = /msu1/Profiles
>         read only = No
>         create mask = 0600
>         directory mask = 0700
>         guest ok = Yes
>         browseable = No
------- End of Original Message -------
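
The two steps from the reply above, turned into a pre-flight check to run before `net groupmap add` (an added example, not part of the original thread): it confirms that the Unix group exists and that a posixGroup entry with the same gid is present in an LDIF export. The function names, the file layout and the `staff2` group are assumptions made for illustration; the sample data is constructed.

```shell
# Pre-flight check for `net groupmap add`: does the Unix group resolve, and is
# there a posixGroup entry with the same gid? Inputs are files (saved
# `getent group` output and an LDIF export) so the check runs offline.

# Print the gid of group $1 from group(5)-format file $2; non-zero if absent.
group_gid() {
    awk -F: -v g="$1" '$1 == g { print $3; found = 1; exit }
                       END { exit !found }' "$2"
}

# Print gidNumber of the posixGroup entry with cn $1 in LDIF file $2.
# Plain "attr: value" lines only; base64 ("attr:: ") values are not decoded.
ldif_posix_gid() {
    awk -v g="$1" '
        function emit() {
            if (!found && posix && cn == g && gid != "") { print gid; found = 1 }
            posix = 0; cn = ""; gid = ""
        }
        /^[ \t\r]*$/ { emit(); next }
        {
            sub(/\r$/, ""); key = tolower($0); sub(/:.*/, "", key)
            val = $0; sub(/^[^:]*:[ \t]*/, "", val)
            if (key == "objectclass" && tolower(val) == "posixgroup") posix = 1
            else if (key == "cn") cn = val
            else if (key == "gidnumber") gid = val
        }
        END { emit(); exit !found }' "$2"
}

# Status line plus return code: 0 ready, 1 no Unix group, 2 no posixGroup
# entry, 3 gid mismatch between the two sides.
check_groupmap_ready() {
    unix_gid=$(group_gid "$1" "$2") || { echo "MISSING unix group: $1"; return 1; }
    ldap_gid=$(ldif_posix_gid "$1" "$3") || { echo "MISSING posixGroup: $1"; return 2; }
    [ "$unix_gid" = "$ldap_gid" ] || { echo "MISMATCH $1: unix=$unix_gid ldap=$ldap_gid"; return 3; }
    echo "OK $1 gid=$unix_gid"
}

# Constructed sample data: somegroup is the reply's entry; the rest is made up.
write_samples() {
    printf 'somegroup:x:1003:\nstaff2:x:1004:\nDomain Admins:x:512:\n' > "$1/group"
    printf '%s\n' 'dn: cn=somegroup,ou=Groups,dc=domain,dc=com' \
        'objectClass: posixGroup' 'cn: somegroup' 'gidNumber: 1003' '' \
        'dn: cn=staff2,ou=Groups,dc=domain,dc=com' \
        'objectClass: posixGroup' 'cn: staff2' 'gidNumber: 2004' > "$1/groups.ldif"
}

tmp=$(mktemp -d) && write_samples "$tmp"
for g in somegroup staff2 "Domain Admins" nogroup; do
    check_groupmap_ready "$g" "$tmp/group" "$tmp/groups.ldif" || true
done
rm -rf "$tmp"
```

On a live system the two input files would come from `getent group` and an LDAP search of the Groups container, saved to disk.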


