[Samba] Something weird about pdbedit.

Harry Jede walk2sun at arcor.de
Wed Mar 11 15:44:48 GMT 2009


On Wednesday, 11 March 2009 15:38, BOURIAUD wrote:
> On Wednesday 11 March 2009 14:51:25 Harry Jede wrote:
>
> Hello !
> First of all, thanks for your answer, even if it doesn't help much.
>
> > First things first: Read the f... manual
>
> That's what I did, after I made my mistake.
>
> > - you should not have 2 groups with the same gidNumber
>
> Forgive me if my question was not asked correctly. So I will try to
> make it clearer : which gid should I change then ? The one from the
> unix group or the one of the samba group ? Are there rules to do so
> (I mean reserved numbers, limits for the gid, things like this) ?
You can only have ONE group with ONE gidNumber.

BAD SETUP begin:
dn: cn=cdti,ou=Group,BASEDN
objectClass: posixGroup
objectClass: top
cn: cdti
userPassword: {crypt}x
gidNumber: 666

Here is how the samba group is defined :

dn: cn=CDTI,ou=Groups,BASEDN
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: CDTI
description:: Q2VudHJlIGTDqXBhcnRlbWVudGFsIGRlIHRyYWl0ZW1lbnQgZGUgbCdpbmZvcm
 1hdGlvbg==
sambaGroupType: 2
memberUid: david
gidNumber: 666
sambaSID: S-1-5-21-215069222-2822928016-2390355089-666
BAD SETUP end:

Combine these in such a way that you have only one group with the name cdti.

for example:
delete cn=cdti,ou=Group,BASEDN
and it may be fine.


You should not have different groups with the same name, even if one is 
in uppercase and the other in lowercase letters.

You should not have identical names in your LDAP database across the 
following fields: cn, uid and displayName for more than one record.


Example:
dn: uid=john,ou=...
uid=john
displayname=john

That is OK

######
dn: uid=john,ou=A,ou...
uid=john
displayname=john

dn: uid=john,ou=B,ou=...
uid=johnB
displayname=john

That's bad.

######
dn: uid=john,ou=A,ou...
uid=john
displayname=john

dn: cn=john,ou=groups,ou...
cn=john

That's also bad.




>
> > - sambaLMPassword & sambaNTPassword do not hold the password in
> > ascii, both must contain password hashes
>
> I hope you were joking. I said I obfuscated what had no point with
> the question, and password hashes were replaced with "PLOP" in my
> previous mail ;-)
Sorry,
I do not know "PLOP".

> > Go back, and take some time to read the docs
>
> That's what I keep doing, anyway.
>
> Thanks for your answer and have a nice day.
>
> > --
> >
> > Regards
> > 	Harry Jede

-- 

Regards
	Harry Jede
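
The checks described in the reply above (one gidNumber per group, no name shared across cn, uid and displayName of different records, compared case-insensitively) can be run over an LDIF export. This is an added example, not part of the original mail; the function names are hypothetical, BASEDN is the mail's placeholder, and the sample entries are constructed from the ones quoted above.

```python
import base64
from collections import defaultdict
# Constructed sample modelled on the entries quoted in the mail (BASEDN is a placeholder).
SAMPLE_LDIF = """\
dn: cn=cdti,ou=Group,BASEDN
objectClass: posixGroup
cn: cdti
gidNumber: 666

dn: cn=CDTI,ou=Groups,BASEDN
objectClass: posixGroup
cn: CDTI
gidNumber: 666

dn: uid=john,ou=A,BASEDN
uid: john
displayName: john

dn: cn=john,ou=Groups,BASEDN
cn: john
"""

def parse_ldif(text):
    """Return [(dn, {attr_lower: [values]})]; handles line folding and base64 ('::') values."""
    entries = []
    for block in text.replace("\n ", "").strip().split("\n\n"):
        attrs = defaultdict(list)
        for line in (l for l in block.splitlines() if l and not l.startswith("#")):
            name, _, value = line.partition(":")
            if value.startswith(":"):  # 'attr:: <base64>' carries a UTF-8 value
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            attrs[name.lower()].append(value.strip())
        if "dn" in attrs:
            entries.append((attrs["dn"][0], attrs))
    return entries

def find_conflicts(entries):
    """Return (gidNumbers used by >1 posixGroup, names used by >1 record), each mapped to DNs."""
    gids, names = defaultdict(set), defaultdict(set)
    for dn, attrs in entries:
        is_group = "posixgroup" in [v.lower() for v in attrs.get("objectclass", [])]
        for gid in attrs.get("gidnumber", []) if is_group else []:
            gids[gid].add(dn)
        for field in ("cn", "uid", "displayname"):
            for v in attrs.get(field, []):
                names[v.lower()].add(dn)  # set of DNs: one record reusing a name is fine
    dups = lambda m: {k: sorted(v) for k, v in m.items() if len(v) > 1}
    return dups(gids), dups(names)
```

Calling `find_conflicts(parse_ldif(SAMPLE_LDIF))` reports gidNumber 666 on both cdti entries and the names "cdti" and "john" each shared by two records.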

