[Samba] Usrmgr cannot add groups with ldap backend

Glenn Arnold garnold at unrealsolutions.com
Sat Oct 21 04:31:51 GMT 2006

I get the following errors when I try to remove group from a user with
smb_create_group: Running the command `/usr/local/sbin/smbldap-groupadd
-p 'test'' gave 111

[2006/10/20 19:53:29, 0] groupdb/mapping.c:smb_delete_user_group(1087)
  smb_delete_user_group: Running the command
`/usr/local/sbin/smbldap-groupmod -x hmiller' 'hsstaff'' gave 2

I am running redhat es3 with samba 3.0.22 with ldap backend.  Any ideas?
Here is the Global part of my smb.conf

Thanks in advance!

interfaces = eth*
netbios name = Server
workgroup = Domain
server string =
security = user
os level = 64
domain master = yes
local master = yes
preferred master = yes
time server = yes
ldappasswd sync =yes
passdb backend = ldapsam:ldap://server.somewhere.com
ldap admin dn = cn=samba,ou=DSA,dc=somewhere,dc=com
#ldap admin dn = cn=Manager,dc=somewhere,dc=com
ldap suffix = dc=somewhere,dc=com
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
ldap ssl = no
unix extensions = yes
encrypt passwords = yes
domain logons = yes
logon script = logon.bat
logon drive = H:
logon home = \\%L\%U
logon path =
wins support = no
wins server =
#veto files = /*.eml/*.nws/
lanman auth = yes
add user script = /usr/local/sbin/smbldap-useradd -m '%u'
delete user script = /usr/local/sbin/smbldap-userdel '%u'
ldap delete dn = yes
add group script = /usr/local/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/local/sbin/smbldap-groupdel '%g'
add machine script = /usr/local/sbin/smbldap-useradd -w '%u'
add user to group script = /usr/local/sbin/smbldap-groupmod -m '%u' '%g'
delete user from group script = /usr/local/sbin/smbldap-groupmod -x %u'
set primary group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u'
dos charset = 850
unix charset = ISO8859-1
oplocks = yes
load printers = yes
;default devmode = yes
printing = cups
force printername = yes
idmap uid = 15000-20000
idmap gid = 15000-20000
winbind separator = -
winbind use default domain = No
enable privileges = yes
eventlog list = Application System Security SyslogLinux
log level = 1
admin users =@"Domain Admins"
;map acl inherit = Yes

More information about the samba mailing list