[Samba] Groups and sambaSIDList

Christian Huldt christian at solvare.se
Thu Feb 5 11:17:17 GMT 2009


I have a problem with one samba 3.0.24 pdc using ldap with nss etc,
sharing works fine, but ownership and the security tab seems crippled,
and usrmgr.exe complains about "the specified local group does not
exist" (of course without saying which group) so I dived in to check

I found filters like this one below in the ldap log - is that to support
nested groups? There are no groups with any sambaSIDList attribute - or,
there was no groups with any sambaSIDList attribute until I found that I
could not get ownership until I added the SID of the admin account I was
using as a sambaSIDList attribute to the admin group, memberuid did not
suffice.

I tend to believe that something is seriously skew with this
installation as all tools seems to add group members as memberuid, not
as sambaSIDlists, but I am grateful for any word to or against this is.

I was told the was some "strangeness" happening while vampiring the
domain, but they managed to work around that...

(&(|(objectClass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=s-1-5-21-1623357179-225914852-925700815-501)(sambaSIDList=s-1-1-0)(sambaSIDList=s-1-5-2)(sambaSIDList=s-1-5-32-546)))

-- 
mvh
Christian Huldt
0704612207



More information about the samba mailing list