[Samba] Samba 2 PDC upgrade to Samba 3 - group mapping problem

Felipe Augusto van de Wiel felipe at paranacidade.org.br
Fri Sep 1 15:51:13 GMT 2006 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/31/2006 02:56 PM, ryan punt escreveu:
> I'm in the process of replacing a Samba 2.2.12 PDC with 
> Samba 3.0.14a-Debian. An LDAP database serves as the
> user data store, and I've made no changes to the Samba
> 2.2.x-compatible LDAP records. Since I don't relish
> LDAP schema changes, I've specified ldapsam_compat as
> my passdb backend; I figured that since I was already
> running a compatible LDAP schema, there was no need to
> make use of the updated, Samba3-compatible LDAP schemas.

	AFAIK Samba2.2 does not offer a complete support
to group mapping in the same way Samba3 does it.


> However, I'm starting to doubt that assumption, because 
> every time I try to list group mappings or assign
> security rights, I get the following search in my LDAP
> log:
> 
> filter="(&(objectClass=sambaGroupMapping)(gidNumber=1000))" 
> attrs="gidNumber sambasid sambagrouptype sambasidlist
> description displayName cn objectClass"

	Yes, but I believe you can change that search
in your smb.conf.

	Anyway, did you saw that [1]thread back in December
2003 in the samba list, I hope the ideas over there can help
you.


> [My already-defined group "Domain Admins" has GID 1000]
> Since sambaGroupMapping is part of the updated Samba LDAP 
> schema, I suppose I'll have to make those schemas
> available; or do I have my ldapsam_compat configuration
> wrong? Again, I would have thought that specifying
> ldapsam_compat would have meant maintaining operational
> capability with a working Samba 2.2.x+LDAP installation,
> but apparently I was wrong...?

	ldapsam_compat should work just fine, althought
I do not use it for a long time I remember it work
perfectly (but I didn't use group maps at that time).


> On a possibly-related note, does anyone know where I 
> could find SunOne DS-compatible Samba schemas? The
> latest version I've been able to find was listed
> compatible with Samba <= 3.0.10.

	Sorry, can't help on that one. :-(


> TIA,
> Ryan
> 
> relevant smb.conf:
[...]

	Hope this helps. Kind regards,

- --
Felipe Augusto van de Wiel <felipe at paranacidade.org.br>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/           Phone: (+55 41 3350 3300)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org

iD8DBQFE+FbxCj65ZxU4gPQRAvhSAJ4056amR76wwAIIGH+wQ2gA0zOJnwCffbas
zgla69fJDRcO55EZVCkqJkA=
=SqDA
-----END PGP SIGNATURE-----

More information about the samba mailing list