[Samba] net groupmap failures

Tom Skeren tms3 at fskklaw.com
Wed Sep 29 15:59:33 GMT 2004


OK all, really going nuts here.  wbinfo -u/-g works, pulls up the W2k 
users/groups.  Net ads join works just fine.  Created the krb5.keytab 
file on the w2k machine and kutil copy this to /etc/krb5.keytab.  kinit 
administrator works fine.  However, all net groupmap commands fail.  
Here's an example:

fskkweb# net groupmap add unixgroup=admin ntgroup="Domain Admins"
No rid or sid specified, choosing algorithmic mapping
[2004/09/29 08:42:46, 0] lib/smbldap.c:smbldap_open_connection(623)
  Failed to issue the StartTLS instruction: Decoding error
[2004/09/29 08:42:47, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1873)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error: 000020D6: SvcErr: DSID-03100684, problem 5012 (DIR_ERROR), data 0
   (Operations error)

<Snip-error burps out for quite a number of lines>

[2004/09/29 08:42:47, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1873)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error: 000020D6: SvcErr: DSID-03100684, problem 5012 (DIR_ERROR), data 0
   (Operations error)
adding entry for group Domain Admins failed!
fskkweb#

I'm assuming there is some problem with openldap client.  ldapsearch 
burps out this:

fskkweb# ldapsearch -v -D CN=Administrator,CN=Users,DC=fsklaw,DC=net
ldap_initialize( <DEFAULT> )
ldap_bind: Invalid credentials (49)
        additional info: 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 52e, v893


Any body have any clues...I would love to get this working.  If you need smb.conf, krb5.conf, nsswitch files etc. please ask.

TMS III







More information about the samba mailing list