[Samba] PDC groupmapping problem

[Paul Gienger]

> I'm trying to iron out all the problems on my PDC.  It's setup with a 
> LDAP backend that's replicated to an ldap slave/BDC.  Here's the problem:
>
> # smbldap-groupshow 'domain admins'
> dn: cn=Domain Admins,ou=People,dc=strozllc,dc=com
> objectClass: posixGroup,sambaGroupMapping
> gidNumber: 512
> cn: Domain Admins
> memberUid: Administrator,root,astanley
> description: Netbios Domain Administrators
> sambaSID: S-1-5-21-1001378032-4272845324-1772824492-512
> sambaGroupType: 2
> displayName: Domain Admins
> # smbldap-groupmod -m test 'domain admins'
> /usr/local/samba/sbin/smbldap-groupmod: group domain admins not found!
> # net groupmap list
> Domain Admins (S-1-5-21-1001378032-4272845324-1772824492-512) -> ntadmin
> Domain Guests (S-1-5-21-1001378032-4272845324-1772824492-514) -> nobody
> Print Operators (S-1-5-32-550) -> 550
> Backup Operators (S-1-5-32-551) -> 551
> Replicators (S-1-5-32-552) -> 552
> Domain Users (S-1-5-21-1001378032-4272845324-1772824492-513) -> users

Not sure exactly what you're doing here or what your problem is since 
you don't say anything about it.  I could make some guesses but lets 
have you tell us what it is.  Could you please explain thoroughly since 
it appears you've got something really screwed up.  I'm curious what 
versions of samba, smbldap-tools you're running as well as how you got 
things set up the way they are.  Platform information would also be nice 
to know, for future reference.

Note that if things are set up properly you should be able to use the 
net groupmap commands to administer group mappings.

Why do you have groups in your People container?  Most of the time this 
is done with groups in ou=Group(s) but you can structure your DIT any 
way you want really.

-- 
--
Paul Gienger                    Office: 701-281-1884
Applied Engineering Inc.
Systems Architect               Fax:    701-281-1322
URL: www.ae-solutions.com       mailto: pgienger at ae-solutions.com