[Samba] Domain authentication problem with LDAP

Craig White craigwhite at azapple.com
Fri Mar 17 21:23:06 GMT 2006


On Fri, 2006-03-17 at 16:14 -0500, Daniel Tousignant wrote:
> Craig White <craigwhite at azapple.com> wrote:
> >On Fri, 2006-03-17 at 15:08 -0500, Daniel Tousignant wrote:
> >> The objectclass sambaSAMAccount and subsequent fields have been
> >> created. We are using the standard Perl script tools that are installed
> >> with the Mandriva 2006 distro (Samba 3.0.13 and OpenLDAP 2.3.6).
> >> What I really do not understand is that if I put a user in the standard
> >> LDAP group "Domain Admins" (gid=512), the user is able to log on to the
> >> domain, but not when it is in the "Domain Users" group (gid=513). What
> >> is the big difference for Samba between the two? Can it be an ACL
> >> problem?
> >----
> >not very likely to be an ACL problem.
> >
> >net groupmap list|grep Domain
> 
> Domain Users (S-1-5-21-3194588850-3670737847-3710085093-513) -> Domain Users
> Domain Guests (S-1-5-21-3194588850-3670737847-3710085093-514) -> Domain Guests
> Domain Admins (S-1-5-21-3194588850-3670737847-3710085093-512) -> Domain Admins
> Domain Machines (S-1-5-21-3194588850-3670737847-3710085093-515) -> Domain Machines
> >
> >
> >net getlocalsid
> 
> [2006/03/17 16:09:20, 0] utils/net.c:net_getlocalsid(494)
>   Can't fetch domain SID for name: HIPPOLYTE
----
This is a MAJOR problem... it should look like:

dn: sambaDomainName=EXAMPLE,dc=example,dc=net
sambaAlgorithmicRidBase: 1000
structuralObjectClass: sambaDomain
objectClass: sambaDomain
objectClass: sambaUnixIdPool
sambaSID: S-1-5-21-89274850-471284788-6498272
sambaDomainName: EXAMPLE
gidNumber: 1021
uidNumber: 1095

and should have been created either by hand or by the idealx 'populate'
script if you followed someone's directions somewhere.

Craig
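
Added example (not part of the original message or of Samba's own tooling): a small offline check that an LDIF export contains a sambaDomain entry for the domain, and that each SID in saved `net groupmap list` output is that entry's sambaSID plus a RID. The function names and the sample input are constructed for illustration, reusing SID values quoted in the thread.

```python
import re
# Constructed sample input: LDIF export and `net groupmap list` output.
SAMPLE_LDIF = """\
dn: sambaDomainName=EXAMPLE,dc=example,dc=net
objectClass: sambaDomain
sambaSID: S-1-5-21-89274850-471284788-6498272
sambaDomainName: EXAMPLE
"""
SAMPLE_GROUPMAP = """\
Domain Users (S-1-5-21-89274850-471284788-6498272-513) -> Domain Users
Domain Admins (S-1-5-21-3194588850-3670737847-3710085093-512) -> Domain Admins
"""

def parse_ldif(text):
    """Split LDIF into entries: {lowercased attribute: [values]}."""
    entries = []
    unfolded = re.sub(r"\n ", "", text)  # undo LDIF line folding
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def domain_sid(entries, domain):
    """Return the sambaSID of the sambaDomain entry for `domain`, or None."""
    for e in entries:
        classes = [c.lower() for c in e.get("objectclass", [])]
        names = [n.upper() for n in e.get("sambadomainname", [])]
        if "sambadomain" in classes and domain.upper() in names:
            return e.get("sambasid", [None])[0]
    return None

def audit(ldif, groupmap, domain):
    """List problems: missing domain entry, or group SIDs under another SID."""
    sid = domain_sid(parse_ldif(ldif), domain)
    if sid is None:
        return ["no sambaDomain entry for %s" % domain]
    findings = []
    for m in re.finditer(r"^(.+?) \((S-[\d-]+)\) -> ", groupmap, re.M):
        name, gsid = m.groups()
        # BUILTIN aliases (S-1-5-32-*) are not relative to the domain SID.
        if not gsid.startswith("S-1-5-32-") and gsid.rpartition("-")[0] != sid:
            findings.append("%s: %s is not under %s" % (name, gsid, sid))
    return findings

print(audit(SAMPLE_LDIF, SAMPLE_GROUPMAP, "EXAMPLE"))
```

An empty list means the domain entry exists and every mapped domain group SID shares its prefix.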