[Samba] Re: Authenticateing DC's on an ldap backend... nobody knows how?

Jim C. jcllings at javahop.com
Thu Sep 30 03:52:00 GMT 2004

>> Can you recommend appropriate log levels for slapd/smbd?  I've always 
> statement like:
> access to dn.subtree="dc=j9starr,dc=net"
>     by group="cnReplicator,ou=Group,dc=j9starr,dc=net"
>     by * read
> doesn't work, adding regexp to it won't help to resolve this problem. 
> Did you check that it works without group with a simple 'by dn='?
> Ok, sorry... I've got in a lecture mood. It's just too confusing to see 
> what exactly you do and what kind of problems you encounter.

Actually, I think I am on to something.  Putting the ACLs under a 
microscope led to the revelation of some differences in group structure 
from what I am using and those previously recommended by Buchan Milne.


> [root at enigma 0 root]$ smbldap-groupshow 'Domain Controllers'
> dn: cn=Domain Controllers,ou=Group,dc=j9starr,dc=net
> objectClass: posixGroup,sambaGroupMapping
> cn: Domain Controllers
> sambaGroupType: 2
> sambaSID: S-1-5-21-2147030705-2499090161-3119200592-516
> gidNumber: 516
> displayName: Domain Controllers
> memberUid: cn=enigma,ou=Hosts,dc=j9starr,dc=net


> dn: cn=Domain Controllers,ou=Group,dc=ranger,dc=dnsalias,dc=com
> objectClass: groupOfNames
> objectClass: top
> cn: Domain Controllers
> member: cn=kiowa.ranger.dnsalias.com,ou=Hosts,dc=ranger,dc=dnsalias,dc=com
> member: cn=comanche.ranger.dnsalias.com,ou=Hosts,dc=ranger,dc=dnsalias,dc=com

Now I don't know how slapd deals with groups but if it specifically 
needs groupOfNames, then I may have a problem. I'll see if I can 
manipulate the structure to include groupOfNames.  Who knows, I might be 
able to do it without redundancy.

Jim C.
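
Added example (not part of the original message, and not slapd's own code): a small Python check of the group question raised above. It assumes, per slapd.access(5), that a "by group=" clause with no qualifiers tests for objectClass groupOfNames and looks up the client DN in the member attribute; the sample entries are constructed from the two quoted above, and the function names are hypothetical.

```python
# Added example, not slapd code. Assumption (slapd.access(5)): a bare
# "by group=<dn>" tests objectClass groupOfNames and the "member" attribute.
DEFAULT_OC, DEFAULT_ATTR = "groupOfNames", "member"
# Constructed samples modelled on the two entries quoted in the message.
POSIX_GROUP = """\
dn: cn=Domain Controllers,ou=Group,dc=j9starr,dc=net
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: Domain Controllers
memberUid: cn=enigma,ou=Hosts,dc=j9starr,dc=net
"""
NAMES_GROUP = """\
dn: cn=Domain Controllers,ou=Group,dc=ranger,dc=dnsalias,dc=com
objectClass: groupOfNames
cn: Domain Controllers
member: cn=kiowa.ranger.dnsalias.com,ou=Hosts,
 dc=ranger,dc=dnsalias,dc=com
"""

def parse_ldif_entry(text):
    """Parse one LDIF entry into {attr_lowercase: [values]}, unfolding lines."""
    unfolded = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]      # LDIF continuation line
        elif raw.strip():
            unfolded.append(raw)
    entry = {}
    for line in unfolded:
        attr, _, value = line.partition(":")
        entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry

def norm_dn(dn):
    """Simplified DN comparison key (does not handle escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def group_clause_matches(entry, client_dn, oc=DEFAULT_OC, attr=DEFAULT_ATTR):
    """Return (matched, reason) for a group clause evaluated against entry."""
    classes = {c.lower() for c in entry.get("objectclass", [])}
    if oc.lower() not in classes:
        return False, "group entry lacks objectClass " + oc
    members = {norm_dn(v) for v in entry.get(attr.lower(), [])}
    if norm_dn(client_dn) not in members:
        return False, "client DN not found in " + attr
    return True, "ok"

if __name__ == "__main__":
    dc = "cn=enigma,ou=Hosts,dc=j9starr,dc=net"
    print(group_clause_matches(parse_ldif_entry(POSIX_GROUP), dc))
```

A clause that does not match is skipped and evaluation continues with the next "by" clause, so in the ACL quoted above the replicator would fall through to "by * read".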
