[Samba] net groupmap failures
Tom Skeren
tms3 at fskklaw.com
Wed Sep 29 15:59:33 GMT 2004
OK all, really going nuts here. wbinfo -u/-g works, pulls up the W2k
users/groups. Net ads join works just fine. Created the krb5.keytab
file on the w2k machine and kutil copy this to /etc/krb5.keytab. kinit
administrator works fine. However, all net groupmap commands fail.
Here's an example:
fskkweb# net groupmap add unixgroup=admin ntgroup="Domain Admins"
No rid or sid specified, choosing algorithmic mapping
[2004/09/29 08:42:46, 0] lib/smbldap.c:smbldap_open_connection(623)
Failed to issue the StartTLS instruction: Decoding error
[2004/09/29 08:42:47, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1873)
ldapsam_search_one_group: Problem during the LDAP search: LDAP error: 000020D6: SvcErr: DSID-03100684, problem 5012 (DIR_ERROR), data 0
(Operations error)
<Snip-error burps out for quite a number of lines>
[2004/09/29 08:42:47, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1873)
ldapsam_search_one_group: Problem during the LDAP search: LDAP error: 000020D6: SvcErr: DSID-03100684, problem 5012 (DIR_ERROR), data 0
(Operations error)
adding entry for group Domain Admins failed!
fskkweb#
I'm assuming there is some problem with openldap client. ldapsearch
burps out this:
fskkweb# ldapsearch -v -D CN=Administrator,CN=Users,DC=fsklaw,DC=net
ldap_initialize( <DEFAULT> )
ldap_bind: Invalid credentials (49)
additional info: 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 52e, v893
Any body have any clues...I would love to get this working. If you need smb.conf, krb5.conf, nsswitch files etc. please ask.
TMS III
More information about the samba
mailing list