[Samba] Re: Re: Groupmapping doesn't work

jamrock news_jamrock at yahoo.com
Wed Oct 13 02:46:04 GMT 2004


"John H Terpstra" <jht at samba.org> wrote in message
news:200410120630.31390.jht at samba.org...
> On Tuesday 12 October 2004 05:05, jamrock wrote:
> > I could never get group mapping to work.  After reading Samba 3 by
example,
> > I realized that I needed to migrate the relevant groups from /etc/group
to
> > LDAP.
> >
> > I have set up a few servers since then and have not had any problems.
> >
> > I use the migration tools from padl.com to migrate the /etc/group
entries
> > to LDAP.  I only migrate the ones I need to map to Windows groups. See
> > http://www.padl.com/OSS/MigrationTools.html
> >
> > This is clearly stated in Samba 3 by example but I did not see it in the
> > Official Samba 3 How To.
>
> Please provide a documentation patch, or else clearly indicate what needs
to
> be updated and your fixes will be applied. Please don't just tell us what
to
> fix but rather give us an update that we can add.
>
> Thanks.
>
> - John T.

Hmmm...

I am not sure I understand the process well enough to do that.  All I know
is that I have found a way to get group mapping to work based on Section
6.3.5  of Samba 3 by example.

"At this time, Samba-3 requires that on a PDC all UNIX (Posix) group
accounts that are mapped (linked) to Windows Domain Group accounts must be
in the LDAP database."

I don't know how or why.  I just know that since I have done this, group
mapping works beautifully on the systems that I have installed.

See also chapter 6 of  LDAP System Administration by Gerald Carter.  The
section on Information Migration gives detailed instructions on how to use
the migration tools from www.padl.com.

I copy the /etc/group account to another directory. I delete all the groups
that don't map to Windows groups.  (It is important to make sure that you
are working with the copy when doing this).  I then migrate the groups to a
LDIF file and use the standard LDAP commands to import them into the
directory.

I will have a look at the Samba Howto and see if I can find a good place to
stick in that sentence.  I think it makes or breaks the process.





More information about the samba mailing list