[Samba] Samba with LDAP

jools jools at oss4all.plus.com
Mon Oct 31 19:56:57 GMT 2005

Hi all,

I have a Samba PDC running OpenLDAP 2.3.6 and Samba 3.0.20. I've followed the 
scheme laid down in the smb/ldap document at www.idealx.org and have used the 
smbldap-tools from the same site to configure the Samba groups and base 

Using smbldap-useradd -a <user> I've set up 700 user accounts (300 max active 
at a time) and have the home directories on the PDC and a seperate apps share 
on a second Samba server (same versions) configured as a domain member.

On the PDC, I've got nss_ldap and pam_ldap configured and can log into the 
Samba accounts even though there are no equivalent UNIX accounts for the 
Samba users.  On the user's Samba shares, I have set the permissions to rwx 
r-x --- for the owner and the group "Domain Admins" so I can use a Domain 
Admin account to perform backups via NFS to a live backup server.  

On the second server I have winbind running and executing wbinfo -u lists the 
domain users and wbinfo -g lists the domain groups. I can authenticate on the 
server using  a Domain User login but I can't set the group ownership of a 
folder or file to Domain Users in the same way I can the set the shares on 
the PDC for Domain Admins.

I have mapped the Domain Users group to a local group called users  on the 
second server and set the group ownership of the share to to use it but I get 
access denied. I can run chgrp 513 on the folder and I get access for Domain 
Users but the group ownership appears as 513. If i run net groupmap list, I 
get an entry that says:

Domain Users -> S-1-xxxxxxxxxxxxx  -> users

I'm obviously missing something obvious. Any clues?



More information about the samba mailing list