[Samba] Re: LDAP: strange "net groupmap" behaviour

Igor Belyi sambauser at katehok.ac93.org
Mon Oct 25 15:26:34 GMT 2004

Ilia Chipitsine wrote:
> Dear Sirs,
> I did the following command (against ldapsam backend):
> net groupmap add rid=3002 unixgroup=wheel type=local ntgroup=Marketoids 
> comment=Mm -d 10
> I just wanted to add new group. But instead of that I saw many-many-many
> records:
> lib/smbldap.c:smbldap_search(963)
> passdb/pdb_ldap.c:ldapsam_getgroup(2008)
> they all wanted to find group with gidNumber=4294967295, yes, sure, 
> there's no such group. I didn't mean to find that group, I just meant to 
> add new one. What's wrong ?

'net groupmap' is used to map a Domain group SID to an existing UNIX group.
If you want to create UNIX group in LDAP you may want to use smbldap 
tools: /usr/local/sbin/smbldap-groupadd.pl <group name>
To add a group and a mapping use '-a' option with smbldap-groupadd.pl 
To add groups and a mapping via 'net group add' command or with 
usrmgr.exe Windows utility, add the following line to your smb.conf:
add group script = /usr/local/sbin/smbldap-groupadd.pl -p "%g"

Please, read Samba docs.
Hope it helps,

More information about the samba mailing list