[Samba] Re: Re: Groupmapping doesn't work
news_jamrock at yahoo.com
Wed Oct 13 02:46:04 GMT 2004
"John H Terpstra" <jht at samba.org> wrote in message
news:200410120630.31390.jht at samba.org...
> On Tuesday 12 October 2004 05:05, jamrock wrote:
> > I could never get group mapping to work. After reading Samba 3 by
> > I realized that I needed to migrate the relevant groups from /etc/group
> > LDAP.
> > I have set up a few servers since then and have not had any problems.
> > I use the migration tools from padl.com to migrate the /etc/group
> > to LDAP. I only migrate the ones I need to map to Windows groups. See
> > http://www.padl.com/OSS/MigrationTools.html
> > This is clearly stated in Samba 3 by example but I did not see it in the
> > Official Samba 3 How To.
> Please provide a documentation patch, or else clearly indicate what needs
> be updated and your fixes will be applied. Please don't just tell us what
> fix but rather give us an update that we can add.
> - John T.
I am not sure I understand the process well enough to do that. All I know
is that I have found a way to get group mapping to work based on Section
6.3.5 of Samba 3 by example.
"At this time, Samba-3 requires that on a PDC all UNIX (Posix) group
accounts that are mapped (linked) to Windows Domain Group accounts must be
in the LDAP database."
I don't know how or why. I just know that since I have done this, group
mapping works beautifully on the systems that I have installed.
See also chapter 6 of LDAP System Administration by Gerald Carter. The
section on Information Migration gives detailed instructions on how to use
the migration tools from www.padl.com.
I copy the /etc/group account to another directory. I delete all the groups
that don't map to Windows groups. (It is important to make sure that you
are working with the copy when doing this). I then migrate the groups to a
LDIF file and use the standard LDAP commands to import them into the
I will have a look at the Samba Howto and see if I can find a good place to
stick in that sentence. I think it makes or breaks the process.
More information about the samba