[Samba] groupmap + ldapsam questions
Etienne Goyer
etienne.goyer at videotron.ca
Tue Nov 9 18:37:41 GMT 2004
Hi,
Two questions regarding the use of group map combined with ldapsam.
First, the Official HOWTO is relatively unclear about what need to be
done wrt to group map when using ldapsam. It state it is the
responsability of the admin to add the group map to the ldap backend,
but nothing else. What need to be in an LDAP groupmap object ? I tried
the following LDIF, and it seem to work using "net groupmap list" :
# Domain Users, Group, domain.com
dn: displayName=Domain Users,ou=Group,dc=domain,dc=com
objectClass: sambaSidEntry
objectClass: sambaGroupMapping
gidNumber: 100
description: Netbios Domain Users
sambaSID: S-1-5-21-3952100455-2014430628-1234567890-513
sambaGroupType: 2
displayName: Domain Users
Notice that the object is not of objectClass posixAccount. Also not
that the gidNumber is the one of the "users" group, defined in
/etc/group. Similarly, I want to map the "Domain Guests" group to Unix
group nobody, and "Domain Admins" to group root. Are there implication
I should be aware of ? Any better way to achieve similar results ?
Also, I can list group map with "net groupmap list", but I fail to add
any groupmap. Example :
[root at server root]# net groupmap add ntgroup=blah unixgroup=wheel
No rid or sid specified, choosing algorithmic mapping
adding entry for group blah failed!
Logs are silent. How come ? Are we supposed to managed the group map
at the LDAP level, and forego the use of "net groupmap" for this purpose?
Thanks very much for your input !
Etienne Goyer
More information about the samba
mailing list