[Samba] Using LDAP and Unix Group Group Mappings

Svancara, Randall rsvancara at wsu.edu
Wed Jul 18 15:08:06 GMT 2007

Hello all,

I could not find anything in the discussion groups or documentation
about using LDAP and Unix group mappings.  

The documentation states that in order to map Unix groups to Samba
groups, you need to use the net group add command.  However, I have an
LDAP backend and all the groups that I care about are in LDAP.

So I have a group called mainwdev. 

dn: cn=test,ou=Group,dc=somewhere,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
sambaSID: S-1-5-21-582185903-2148186938-2210701745-801
sambaGroupType: 2
objectClass: top
cn: test
gidNumber: 801
memberUid: user1
memberUid: user2
memberUid: user3
memberUid: user4
memberUid: user5
memberUid: user6

Now, if I run "net groupmap list", I can see the group mapping as

test (S-1-5-21-582185903-2148186938-2210701745-801) -> test

But when I attempt to log onto a share that only allows anyone that
belongs to the group test (say user1), I get permission denied errors.
Do I still have to run the "net group map" command to establish a
relationship between Unix and Samba groups?
