[Samba] Re: LDAP: strange "net groupmap" behaviour
sambauser at katehok.ac93.org
Wed Oct 27 12:02:09 GMT 2004
For those who may also look into this problem.
1. This problem is on FreeBSD 4.10 (read - without NSS!)
2. UNIX groups and accounts are kept locally (not in LDAP) whereas Samba
is configured to use LDAP.
3. gidNumber=4294967295 is the same as 0xFFFFFFFF which is (unsigned
int)-1 and Samba's attempt to look for a group with this gid may
indicate an incorrect check for an error in the code.
Let's do it together, shall we? :)
Igor Belyi wrote:
> Ilia Chipitsine wrote:
>> Dear Sirs,
>> I did the following command (against ldapsam backend):
>> net groupmap add rid=3002 unixgroup=wheel type=local
>> ntgroup=Marketoids comment=Mm -d 10
>> I just wanted to add new group. But instead of that I saw many-many-many
>> they all wanted to find group with gidNumber=4294967295, yes, sure,
>> there's no such group. I didn't mean to find that group, I just meant
>> to add new one. What's wrong ?
> 'net groupmap' is used to map a Domain group SID to an existing UNIX group.
> If you want to create UNIX group in LDAP you may want to use smbldap
> tools: /usr/local/sbin/smbldap-groupadd.pl <group name>
> To add a group and a mapping use '-a' option with smbldap-groupadd.pl
> To add groups and a mapping via 'net group add' command or with
> usrmgr.exe Windows utility, add the following line to your smb.conf:
> add group script = /usr/local/sbin/smbldap-groupadd.pl -p "%g"
> Please, read Samba docs.
> Hope it helps,
More information about the samba