[Samba] Samba LDAP PDC Admin and other minor problems.
dsonenberg at strozllc.com
Tue Jan 25 20:17:23 GMT 2005
So I've got my PDC LDAP up and running and replicating over to the slave BDC,
and I'm just trying to fix some minor problems. I've added myself to the
"Domain Admins" group but I still can't open the Windows usrmgr program with
my account. I even set it up so my default group is "Domain Admins". I can
open it with the administrator account, but I can't add groups to a user from
there. When I try, I get this error in my log.smbd:
[2005/01/25 15:02:48, 3] groupdb/mapping.c:smb_add_user_group(1082)
smb_add_user_group: Running the command
`/usr/local/samba/sbin/smbldap-groupmod -m "test" "ntadmin"' gave 6
I tried running it at the command line and I just get:
/usr/local/samba/sbin/smbldap-groupmod: ntadmin doesn't exist
I do have a ntgroup "Domain Admins" that is mapped to the unixgroup ntadmin.
Here's my smb.conf:
interfaces = eth0 10.1.0.6/24
workgroup = STROZLLC
netbios name = NYHAND
wins support = yes
os level = 35
preferred master = yes
domain master = yes
local master = yes
domain logons = yes
logon path =
logon home =
add user script = /usr/local/samba/sbin/smbldap-useradd -m "%u"
delete user script = /usr/local/samba/sbin/smbldap-userdel "%u"
add group script = /usr/local/samba/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/local/samba/sbin/smbldap-groupdel "%g"
add user to group script = /usr/local/samba/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/samba/sbin/smbldap-groupmod -x "%g"
set primary group script = /usr/local/samba/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/local/samba/sbin/smbldap-useradd -w "%u"
# Ldap Configuration
passdb backend = ldapsam:ldaps://10.1.0.6:636
ldap suffix = dc=strozllc,dc=com
ldap machine suffix = ou=People
ldap user suffix = ou=People
ldap group suffix = ou=People
ldap idmap suffix = ou=People
ldap admin dn = cn=Manager,dc=strozllc,dc=com
ldap delete dn = Yes
ldap ssl = yes
ldap passwd sync = Yes
idmap uid = 15000-20000
idmap gid = 15000-20000
#winbind separator = +
path = /var/samba/netlogon
read only = yes
write list = ntadmin
path = /var/samba/profiles
read only = no
create mask = 0600
directory mask = 0700
Systems / Network Administrator
Stroz Friedberg, LLC
15 Maiden Lane, Suite 1208
New York, NY 10038
212.981.6527 (o) | 917.495.4918 (c)
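
An added example, not part of the original post and not Samba or smbldap-tools code: a small linter for the account-management hook lines of an smb.conf like the one quoted above, reporting any hook whose command line never receives a substitution variable (%u, %g) that the smb.conf manual page documents for it. The function names and the SAMPLE text (the hook lines copied from the post) are constructed for this illustration.

```python
import re

# Variables each hook should receive, per the smb.conf manual page
# (%u = user or machine account name, %g = group name).
EXPECTED = {
    "add user script": {"%u"},
    "delete user script": {"%u"},
    "add group script": {"%g"},
    "delete group script": {"%g"},
    "add user to group script": {"%u", "%g"},
    "delete user from group script": {"%u", "%g"},
    "set primary group script": {"%u", "%g"},
    "add machine script": {"%u"},
}

# Constructed sample: the hook lines from the smb.conf quoted in the post.
SAMPLE = '''
add user script = /usr/local/samba/sbin/smbldap-useradd -m "%u"
delete user script = /usr/local/samba/sbin/smbldap-userdel "%u"
add group script = /usr/local/samba/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/local/samba/sbin/smbldap-groupdel "%g"
add user to group script = /usr/local/samba/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/samba/sbin/smbldap-groupmod -x "%g"
set primary group script = /usr/local/samba/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/local/samba/sbin/smbldap-useradd -w "%u"
'''

def parse_params(text):
    """Return {normalised parameter name: value} for 'name = value' lines."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue  # skip blanks, comments, section headers
        name, value = line.split("=", 1)
        params[" ".join(name.lower().split())] = value.strip()
    return params

def lint_hooks(text):
    """Return sorted (parameter, missing variable) pairs for hook scripts."""
    params = parse_params(text)
    findings = []
    for name, needed in EXPECTED.items():
        if name in params:
            used = set(re.findall(r"%[a-zA-Z]", params[name]))
            findings += [(name, var) for var in sorted(needed - used)]
    return sorted(findings)

if __name__ == "__main__":
    print(lint_hooks(SAMPLE))
```
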