[Samba] Domain authentification problem with LDAP
Daniel Tousignant
daniel_tousignant at travelcom.com
Fri Mar 17 21:14:05 GMT 2006
Craig White <craigwhite at azapple.com> a écrit:
>On Fri, 2006-03-17 at 15:08 -0500, Daniel Tousignant wrote:
>> The objectclass sambaSAMAccount and subsequent fields have been
>> created. We are using the standard perl script tools that are installed
>> with
>> the mandriva 2006 distro (samba 3.0.13 and openldap 2.3.6).
>> What I really do not understand is that if I put a user in the standard
>> ldap
>> group "Domain Admins" (gid=512), the user is able to logon to the
>domain,
>> but not
>> when it is in the "Domain Users" group (gid=513). What is the big
>> difference for Samba
>> between the two's ? Can it be an ACL problems ?
>----
>not very likely to be an ACL problem.
>
>net groupmap list|grep Domain
Domain Users (S-1-5-21-3194588850-3670737847-3710085093-513) -> Domain
Users
Domain Guests (S-1-5-21-3194588850-3670737847-3710085093-514) -> Domain
Guests
Domain Admins (S-1-5-21-3194588850-3670737847-3710085093-512) -> Domain
Admins
Domain Machines (S-1-5-21-3194588850-3670737847-3710085093-515) -> Domain
Machines
>
>
>net getlocalsid
[2006/03/17 16:09:20, 0] utils/net.c:net_getlocalsid(494)
Can't fetch domain SID for name: HIPPOLYTE
>
>
>why don't you post up what comes from those commands...
>
>Craig
Daniel Tousignant
Support informatique
Intair Transit
Courriel : daniel_tousignant at travelcom.com
Telephone : (514) 286-8515 poste 3326
More information about the samba
mailing list