[Samba] Using LDAP and Unix Group Group Mappings
Adam Tauno Williams
adamtaunowilliams at gmail.com
Wed Jul 18 15:48:03 GMT 2007
> I could not find anything in the discussion groups or documentation
> about using LDAP and Unix group mappings.
> The documentation states that in order to map unix groups to samba
> groups, you need to use the net group add command. However, I have an
> ldap backend and all my groups, that I care about are in LDAP.
It makes no difference; groups from LDAP presented via NSS are "unix
groups"
> So I have a group called mainwdev.
> dn: cn=test,ou=Group,dc=somewhere,dc=com
> objectClass: posixGroup
> objectClass: sambaGroupMapping
> sambaSID: S-1-5-21-582185903-2148186938-2210701745-801
> sambaGroupType: 2
> objectClass: top
> cn: test
> gidNumber: 801
> memberUid: user1
> memberUid: user2
> memberUid: user3
> memberUid: user4
> memberUid: user5
> memberUid: user6
> Now, if I run "net groupmap list", I can see the group mapping as
> follows.
> test (S-1-5-21-582185903-2148186938-2210701745-801) -> test
> But when I attempt to log onto a share that only allows anyone that
> belongs to the group test (say user1), i get permission denied errors.
Are you running nscd? Did you restart/stop it and do your test? Always
test with nscd disabled. Does "id user1" show him/her in group "test"?
> Do I still have to run "net group map" command to establish a
> relationship between unix and samba groups?
Looks like you already did.
--
Adam Tauno Williams, Network & Systems Administrator
Consultant - http://www.whitemiceconsulting.com
Developer - http://www.opengroupware.org
More information about the samba
mailing list