[Samba] PDC LDAP Idmap problem

Brent Kiley bkiley at gmail.com
Mon Apr 23 16:06:03 GMT 2007


I have a PDC running on SLES 10 which is using an ldap password backend and
is supposed to be using ldap Idmap as well. My problem seems to be that my
PDC is not writing any entries to the ldap idmap. Everything works just fine
on the PDC, shares and what not, but I can not get a Samba domain member
server to share anything properly. I get permissions errors and other
problems like that. For example, on the member server, it uses ldap for
authentication so that ldap users can login to that machine (mostly just me)
and this also helps because it is aware of all the usernames and group
names, which simplifies permissions I think. The problem is shares on this
server do not function correctly. When looking from Windows the shares do
not seem to belong to the correct group (for example one set to it on the
server ends up as administration on the Windows security page) and even if I
am a member of all the groups I get a permission denied when I try to create
new folders.

The reason I think it is an idmap problem is because no entries are created
in the idmap section in ldap by the PDC and because of the misused groups
I described above. One other thing is, the Domain Member server seems to
write two entries to the idmap in ldap if it does not exist already.

I am really at a loss as to how to proceed with this setup to correct my
problem. If someone on here has any suggestions and can explain how I should
go about it then please I would greatly appreciate it. Also I have not
copied any config files here to avoid flooding, but if anyone would like to
see any config file please just ask me and I will provide them.

Thank you again,

