[Samba] groupmap + ldapsam questions
etienne.goyer at videotron.ca
Tue Nov 9 18:37:41 GMT 2004
Two questions regarding the use of group map combined with ldapsam.
First, the Official HOWTO is relatively unclear about what need to be
done wrt to group map when using ldapsam. It state it is the
responsability of the admin to add the group map to the ldap backend,
but nothing else. What need to be in an LDAP groupmap object ? I tried
the following LDIF, and it seem to work using "net groupmap list" :
# Domain Users, Group, domain.com
dn: displayName=Domain Users,ou=Group,dc=domain,dc=com
description: Netbios Domain Users
displayName: Domain Users
Notice that the object is not of objectClass posixAccount. Also not
that the gidNumber is the one of the "users" group, defined in
/etc/group. Similarly, I want to map the "Domain Guests" group to Unix
group nobody, and "Domain Admins" to group root. Are there implication
I should be aware of ? Any better way to achieve similar results ?
Also, I can list group map with "net groupmap list", but I fail to add
any groupmap. Example :
[root at server root]# net groupmap add ntgroup=blah unixgroup=wheel
No rid or sid specified, choosing algorithmic mapping
adding entry for group blah failed!
Logs are silent. How come ? Are we supposed to managed the group map
at the LDAP level, and forego the use of "net groupmap" for this purpose?
Thanks very much for your input !
More information about the samba