[Samba] Samba LDAP PDC Admin and other minor problems.

David Sonenberg dsonenberg at strozllc.com
Tue Jan 25 20:17:23 GMT 2005

So I've got my PDC LDAP up and running and replicating over to the slave BDC, 
and I'm just trying to fix some minor problems.  I've added myself to the 
"Domain Admins" group but I still can't open the Windows usrmgr program with 
my account.  I even set it up so my default group is "Domain Admins".  I can 
open it with the administrator account, but I can't add groups to a user from 
there.  When I try, I get this error in my log.smbd:
[2005/01/25 15:02:48, 3] groupdb/mapping.c:smb_add_user_group(1082)
  smb_add_user_group: Running the command `/usr/local/samba/sbin/smbldap-groupmod -m "test" "ntadmin"' gave 6
I tried running it at the command line and I just get:
/usr/local/samba/sbin/smbldap-groupmod: ntadmin doesn't exist
I do have an ntgroup "Domain Admins" that is mapped to the unixgroup ntadmin.
Here's my smb.conf:

#Domain Settings
interfaces = eth0
workgroup = STROZLLC
netbios name = NYHAND
wins support  = yes
os level = 35
preferred master = yes
domain master = yes
local master = yes
domain logons = yes
logon path =
logon home =

# Scripts
add user script = /usr/local/samba/sbin/smbldap-useradd -m "%u"
delete user script = /usr/local/samba/sbin/smbldap-userdel "%u"
add group script = /usr/local/samba/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/local/samba/sbin/smbldap-groupdel "%g"
add user to group script = /usr/local/samba/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/samba/sbin/smbldap-groupmod -x "%g" 
set primary group script = /usr/local/samba/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/local/samba/sbin/smbldap-useradd -w "%u"

# Ldap Configuration
passdb backend = ldapsam:ldaps://
ldap suffix = dc=strozllc,dc=com
ldap machine suffix = ou=People
ldap user suffix = ou=People
ldap group suffix = ou=People
ldap idmap suffix = ou=People
ldap admin dn = cn=Manager,dc=strozllc,dc=com
ldap delete dn = Yes
ldap ssl = yes
ldap passwd sync = Yes
idmap uid = 15000-20000
idmap gid = 15000-20000
#winbind separator = +

path = /var/samba/netlogon
read only = yes
write list = ntadmin

path = /var/samba/profiles
read only = no
create mask = 0600
directory mask = 0700

David Sonenberg
Systems / Network Administrator
Stroz Friedberg, LLC
15 Maiden Lane, Suite 1208
New York, NY 10038
212.981.6527 (o) | 917.495.4918 (c)
