[Samba] Adding local group -> Access denied

Holger Wesser wesser at gmx.com
Tue Apr 26 06:40:34 GMT 2005

Hash: SHA1


What do you want from me? Do you want to teach me the principles of
admin's work? In this case, feel free to open a new thread!!!


Tony Earnshaw wrote:
| man, 25.04.2005 kl. 17.48 skrev Holger Wesser:
|>short question: I try to add a local group via the NT-Usermanager
|>("usrmgr.exe"), but everytime I get a "Access denied". Adding a global
|>group works. I'm logged on as "Administrator". I'm running Samba 3.0.14a
|>on Debian Sarge (testing) with the smbldap-tools (v0.8.8).
|>What could I have done wrong?
| Basically using LDAP and the smbldap-tools (v0.8.8) knowing what they
| do, how they do it or having read through *all* the official Samba
| documentation and done everything in it. Had you done so (judging that
| tens of thousands have got it to work before you) it would work for you.
| That having been said (my bounden duty to the Samba team), I have always
| contended and still contend that the idealx smbldap-tools (whichever
| version whatever) are UTTERLY USELESS to an LDAP pro who already has an
| LDAP DSA running with a completely different DIT to which the idealx and
| Samba people might decree.
| However, the good news is, that whichever sysadmin:
| a: first understands  LDAP (at least several months experience for any
| other use than Samba whatsoever)
| b: second has had a concentrated look at Samba 3 utils and daemons;
| c: third has a reasonable experience in awk, shell and sed scripting
| (each of awk and sed one can teach oneself in a weekend, shell costs one
| years, learn it first)
| doesn't need  the idealx tools.
| Not needing the idealx tools means that the sysadmin is free to choose
| his own LDAP DIT as he/she has already implemented it (long before
| having started with Samba 3). The Samba daemons and utils of all kinds
| do not need the idealx tools, they work perfectly without them. They
| (the Samba daemons and uitils) were implemented by prophets of the true
| way. idealx has to drag itself, groaning, to the heights that these
| magnificent tools reached some time ago.
| The Samba people don't need teaching, the idealx people need training in
| what LDAP is. They seem to be utterly ignorant, as to that extent.
| No, John H. T. I have not contacted the idealx people. That would be
| useless. There are several thousand others besides me who find idealx's
| method perfect, then there's me that doesn't. The difference is, that I
| already had my DIT (multiple user bases, multiple group bases and much
| more. Samba isn't there for LDAP, LDAP is there for Samba) and had to
| make it work with Samba, not the other way around. So I can't use the
| "on the fly" Samba scripts, I have to do things by hand. No skin off my
| nose.
| --Tonni

Version: GnuPG v1.2.5 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org


More information about the samba mailing list