[Samba] SID mapping to group name failed...

Anthony Messina amessina at messinet.com
Sat Jan 21 22:22:49 GMT 2006


One thing to double-check: sometimes in OpenLDAP, the groups container
is "ou=Group" instead of "ou=Groups".

Make sure that your LDAP group container is the same as the one you have set in
smb.conf.


My Website: http://messinet.com
My Online Gallery: 
http://messinet.com/modules.php?name=Web_Links&l_op=visit&lid=3


Michael Gasch wrote:
> What does getent group say?
> 
> greez
> 
> Pierre-Francois LAURAND wrote:
> 
>> Hi,
>>
>> I'm experiencing an error on a Samba 3.0.20 PDC with an LDAP backend:
>>
>> When I try to use the MS Win2k ACL editor to change the permissions of
>> a file located on a Samba share, I can add or remove domain-user
>> ACLs, but with group-related ACLs an error occurs: the MS editor
>> correctly shows the group SID, but cannot map the SID to the
>> associated group name.
>>
>> smbd.log gives :
>>
>> [2006/01/20 10:07:27, 0, effective(6238, 2648), real(6238, 0)]
>> rpc_server/srv_samr.c:api_samr_query_usergroups(520)
>>   api_samr_query_usergroups: unable to marshall SAMR_R_QUERY_USERGROUPS.
>> [2006/01/20 10:07:27, 0, effective(6238, 2648), real(6238, 0)]
>> rpc_server/srv_pipe.c:api_rpcTNP(1572)
>>   api_rpcTNP: samr: SAMR_QUERY_USERGROUPS failed.
>>
>>
>> Note that "net groupmap list" works and lists the correct mapping
>> between the sambaSID and the corresponding user groups registered in the
>> DIT.
>>
>> Relevant part of smb.conf :
>>
>> [global]
>>   workgroup = MYDOMAIN
>>   interfaces = lo0, em1
>>   security = user
>>   enable privileges = yes
>>   username map = /usr/local/etc/smbusers.map
>>   log file = /var/log/samba/smb.log
>>   debug uid = Yes
>>   domain logons = Yes
>>   os level = 255
>>   preferred master = Yes
>>   domain master = Yes
>>   passdb backend = ldapsam:ldapi://%2fvar%2frun%2fopenldap%2fldapi/
>>   ldap admin dn = cn=samba,ou=serviceAccounts,o=myorg
>>   ldap suffix = o=myorg
>>   ldap machine suffix = ou=computers
>>   ldap user suffix = ou=users
>>   ldap group suffix = ou=groups
>>
>> [Public]
>>   path = /export/public/%G
>>   read only = No
>>   create mask    = 0755
>>   directory mask = 0775
>>   force user     = %U
>>
>>
>> Thanks for your help,
> 
> 
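
Added example (not part of the original thread, and not Samba's own code): a Python check of the point made in the reply above, comparing the group base DN that smb.conf implies with the container that actually holds sambaGroupMapping entries. The smb.conf values are copied from the quoted post; the LDIF entries and the group cn=staff are constructed for illustration.

```python
import re

# LDAP settings copied from the smb.conf quoted in the thread.
SMB_CONF = """\
[global]
  ldap suffix = o=myorg
  ldap group suffix = ou=groups
"""
# Constructed LDIF (assumption): groups sit under "ou=Group", not "ou=groups".
LDIF = """\
dn: ou=Group,o=myorg

dn: cn=staff,ou=Group,o=myorg
objectClass: sambaGroupMapping
"""

def global_params(conf_text):
    """Return the [global] parameters of an smb.conf as {name: value}."""
    params, section = {}, None
    for line in map(str.strip, conf_text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def norm(dn):
    """Simplified DN normalisation: case-folded, no spaces around ',' or '='."""
    return ",".join(re.sub(r"\s*=\s*", "=", r.strip()) for r in dn.lower().split(","))

def check_group_container(conf_text, ldif_text):
    p = global_params(conf_text)
    group = p.get("ldap group suffix", "")
    # Samba prepends the partial group suffix to "ldap suffix".
    wanted = norm(f"{group},{p['ldap suffix']}" if group else p["ldap suffix"])
    seen, parents = set(), set()
    for entry in re.split(r"\n\s*\n", ldif_text.strip()):
        lines = entry.splitlines()
        dn = next((norm(l[3:]) for l in lines if l.lower().startswith("dn:")), None)
        if dn is None:
            continue
        seen.add(dn)
        if any(l.replace(" ", "").lower() == "objectclass:sambagroupmapping" for l in lines):
            parents.add(dn.partition(",")[2])
    return wanted, wanted in seen, sorted(parents)

print(check_group_container(SMB_CONF, LDIF))  # (configured base, exists?, containers holding groups)
```

On a live server the two inputs would be the effective smb.conf and an LDIF export of the directory; DNs containing escaped commas need a real DN parser rather than this simplified normalisation.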

