[Samba] groupmap + ldapsam questions

Etienne Goyer etienne.goyer at videotron.ca
Tue Nov 9 18:37:41 GMT 2004


Two questions regarding the use of group map combined with ldapsam.

First, the Official HOWTO is relatively unclear about what needs to be 
done wrt group map when using ldapsam.  It states it is the 
responsibility of the admin to add the group map to the ldap backend, 
but nothing else.  What needs to be in an LDAP groupmap object?  I tried 
the following LDIF, and it seems to work using "net groupmap list":

# Domain Users, Group, domain.com
dn: displayName=Domain Users,ou=Group,dc=domain,dc=com
objectClass: sambaSidEntry
objectClass: sambaGroupMapping
gidNumber: 100
description: Netbios Domain Users
sambaSID: S-1-5-21-3952100455-2014430628-1234567890-513
sambaGroupType: 2
displayName: Domain Users

Notice that the object is not of objectClass posixAccount.  Also note 
that the gidNumber is the one of the "users" group, defined in 
/etc/group.  Similarly, I want to map the "Domain Guests" group to Unix 
group nobody, and "Domain Admins" to group root.  Are there implications 
I should be aware of?  Any better way to achieve similar results?

Also, I can list group map with "net groupmap list", but I fail to add 
any groupmap.  Example :

[root@server root]# net groupmap add ntgroup=blah unixgroup=wheel
No rid or sid specified, choosing algorithmic mapping
adding entry for group blah failed!

Logs are silent.  How come?  Are we supposed to manage the group map 
at the LDAP level, and forego the use of "net groupmap" for this purpose?

Thanks very much for your input !

Etienne Goyer
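
An added example, not part of the original post and not Samba code: a Python audit of group-map LDIF like the entry above. It reports entries lacking the attributes assumed here to be mandatory for sambaGroupMapping (gidNumber, sambaSID, sambaGroupType) and entries that map a group to Unix gid 0, as the proposed "Domain Admins" to root mapping would. The second and third sample entries and all function names are constructed for illustration.

```python
WELL_KNOWN_RIDS = {512: "Domain Admins", 513: "Domain Users", 514: "Domain Guests"}
# Assumption: attributes the Samba 3 schema requires on a sambaGroupMapping entry.
REQUIRED = ("gidNumber", "sambaSID", "sambaGroupType")

# Constructed sample: first entry shortened from the post, the other two invented.
SAMPLE_LDIF = """\
dn: displayName=Domain Users,ou=Group,dc=domain,dc=com
objectClass: sambaGroupMapping
gidNumber: 100
sambaSID: S-1-5-21-3952100455-2014430628-1234567890-513
sambaGroupType: 2

dn: displayName=Domain Admins,ou=Group,dc=domain,dc=com
objectClass: sambaGroupMapping
gidNumber: 0
sambaSID: S-1-5-21-3952100455-2014430628-1234567890-512
sambaGroupType: 2

dn: displayName=Broken,ou=Group,dc=domain,dc=com
objectClass: sambaGroupMapping
gidNumber: 500
"""

def parse_ldif(text):
    """Split simple LDIF (no line folding, no base64 values) into attribute dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            key, value = line.split(": ", 1)
            entry.setdefault(key, []).append(value.strip())
        entries.append(entry)
    return entries

def audit(entries):
    """Return (dn, problem) pairs for incomplete or root-mapped group maps."""
    findings = []
    for e in entries:
        if "sambaGroupMapping" not in e.get("objectClass", []):
            continue
        missing = [a for a in REQUIRED if a not in e]
        if missing:
            findings.append((e["dn"][0], "missing " + ", ".join(missing)))
        elif e["gidNumber"][0] == "0":
            rid = int(e["sambaSID"][0].rsplit("-", 1)[1])
            name = WELL_KNOWN_RIDS.get(rid, "RID %d" % rid)
            findings.append((e["dn"][0], name + " mapped to Unix gid 0 (root)"))
    return findings
```

Calling `audit(parse_ldif(SAMPLE_LDIF))` yields one finding for the gid 0 mapping and one for the incomplete entry; the "Domain Users" entry passes.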
