[Samba] Using LDAP and Unix Group Group Mappings

Adam Tauno Williams adamtaunowilliams at gmail.com
Wed Jul 18 15:48:03 GMT 2007

> I could not find anything in the discussion groups or documentation
> about using LDAP and Unix group mappings.  
> The documentation states that in order to map unix groups to samba
> groups, you need to use the net group add command.  However, I have an
> ldap backend and all my groups that I care about are in LDAP.

It makes no difference;  groups from LDAP presented via NSS are "unix

> So I have a group called mainwdev. 
> dn: cn=test,ou=Group,dc=somewhere,dc=com
> objectClass: posixGroup
> objectClass: sambaGroupMapping
> sambaSID: S-1-5-21-582185903-2148186938-2210701745-801
> sambaGroupType: 2
> objectClass: top
> cn: test
> gidNumber: 801
> memberUid: user1
> memberUid: user2
> memberUid: user3
> memberUid: user4
> memberUid: user5
> memberUid: user6
> Now, if I run "net groupmap list", I can see the group mapping as
> follows.
> test (S-1-5-21-582185903-2148186938-2210701745-801) -> test
> But when I attempt to log onto a share that only allows anyone that
> belongs to the group test (say user1), I get permission denied errors.

Are you running nscd?  Did you restart/stop it and do your test?  Always
test with nscd disabled.  Does "id user1" show him/her in group "test"?

> Do I still have to run "net group map" command to establish a
> relationship between unix and samba groups?

Looks like you already did.

Adam Tauno Williams, Network & Systems Administrator
Consultant - http://www.whitemiceconsulting.com
Developer - http://www.opengroupware.org
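
The checks suggested in the reply above (nscd state, the group mapping, and what "id" reports), written as a shell script. This is an added example, not part of the original message; the function names and the sample strings are assumptions constructed from the quoted LDAP entry.

```shell
#!/bin/sh
# Added example: names and sample strings below are constructed, not from Samba.
SAMPLE_GROUPMAP='test (S-1-5-21-582185903-2148186938-2210701745-801) -> test'
SAMPLE_GETENT='test:*:801:user1,user2,user3,user4,user5,user6'

# mapped_unix_group NTGROUP GROUPMAP_TEXT
# Print the Unix group that "net groupmap list" output maps NTGROUP to.
mapped_unix_group() {
    printf '%s\n' "$2" | awk -v nt="$1" '
        { i = index($0, " (S-"); j = index($0, ") -> ") }
        i && j && substr($0, 1, i - 1) == nt { print substr($0, j + 5); exit }'
}

# group_has_member GETENT_LINE USER
# Succeed if USER is in the member field of a "getent group" line.
# Primary-group membership is not listed there; "id" covers both.
group_has_member() {
    members=$(printf '%s\n' "$1" | cut -d: -f4)
    case ",$members," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# group_gid GETENT_LINE: print the numeric gid field.
group_gid() { printf '%s\n' "$1" | cut -d: -f3; }

# check_share_group USER NTGROUP: run the checks on the live server.
check_share_group() {
    user=$1; ntgroup=$2
    if pgrep -x nscd >/dev/null 2>&1; then
        echo "WARN: nscd is running; stop it and retest (cached groups may be stale)"
    fi
    unixgroup=$(mapped_unix_group "$ntgroup" "$(net groupmap list 2>/dev/null)")
    [ -n "$unixgroup" ] || { echo "FAIL: no group mapping for '$ntgroup'"; return 1; }
    line=$(getent group "$unixgroup") ||
        { echo "FAIL: NSS cannot resolve '$unixgroup'"; return 1; }
    if id -Gn "$user" 2>/dev/null | tr ' ' '\n' | grep -qxF -- "$unixgroup"; then
        echo "OK: $user is in $unixgroup (gid $(group_gid "$line"))"
    else
        echo "FAIL: 'id $user' does not list $unixgroup"; return 1
    fi
}
```

On the Samba server, source the file and run `check_share_group user1 test` from an account that is allowed to run "net groupmap list".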
