[Samba] Initializing a Samba3 ldapsam

Mike Brady mike.brady at devnull.net.nz
Mon Feb 21 01:08:13 MST 2011


I have spent the last few days attempting to get a Samba3 PDC/BDC  
setup with an LDAP SAM and need some clarification on exactly what  
should/can be initialized in the LDAP SAM.

As my main sources of information/inspiration I have been using
http://wiki.samba.org/index.php/Replicated_Failover_Domain_Controller_and_file_server_using_LDAP
and the smbldap-tools source code, but have also been reading "Samba by
Example" and the Samba How-tos.  Unfortunately there are inconsistencies
that I cannot resolve.

The short version of the question is - is there a full specification  
(preferably in the form of an LDIF file) of everything that can/should  
be initialized in the LDAP SAM?

The longer version is:

1) Both the Wiki and smbldap-tools have sambaGroupType set to 5 for  
the BUILTIN groups.  I found this reference saying that the  
sambaGroupType should be 4 for BUILTIN groups.
http://samba.2283325.n4.nabble.com/LDAP-backend-and-sambaGroupType-for-builtin-groups-td2446893.html
Which is correct?

2) The Wiki page has all the BUILTIN groups with "full domain" SIDs,
but smbldap-tools has what I think are the correct SIDs for these
groups.  Which is correct?

e.g. for Account Operators the Wiki has  
S-1-5-21-3809161173-2687474671-1432921517-548 and smbldap-tools has  
S-1-5-32-548.

3) http://support.microsoft.com/kb/243330 has a long list of the
well-known SIDs, many of which do not make sense in a Samba domain, but is
there a full list of all the ones that do make sense for Samba and  
what the LDAP SAM should be initialized to to implement them?


Thanks

Mike
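
The contrast raised in question 2, as an added example that is not part of the original post or of smbldap-tools: a small Python audit that reads group mapping entries from LDIF and reports whether each sambaSID sits under the BUILTIN authority (S-1-5-32) or under a domain SID (S-1-5-21-...), together with its sambaGroupType. The DNs and LDIF layout are constructed; the two SIDs and the type value 5 are the ones quoted in the post.

```python
import re

# Constructed sample LDIF: DNs are made up; SIDs and type 5 are from the post.
SAMPLE_LDIF = """\
dn: cn=Account Operators,ou=Groups,dc=wiki,dc=example
objectClass: sambaGroupMapping
sambaSID: S-1-5-21-3809161173-2687474671-
 1432921517-548
sambaGroupType: 5

dn: cn=Account Operators,ou=Groups,dc=tools,dc=example
objectClass: sambaGroupMapping
sambaSID: S-1-5-32-548
sambaGroupType: 5
"""

# Names from Samba's lsa_SidType enum for the values raised in the post.
GROUP_TYPES = {"2": "domain group", "4": "alias", "5": "well-known group"}
SID_RE = re.compile(r"^S-1-5-(32|21-\d+-\d+-\d+)-(\d+)$")

def parse_ldif(text):
    # Unfold RFC 2849 continuation lines, then yield one dict per entry.
    # Base64 ("attr:: value") attributes are not decoded in this example.
    for block in re.split(r"\n\s*\n", text.replace("\n ", "").strip()):
        entry = {}
        for line in block.splitlines():
            if not line.startswith("#") and ":" in line:
                key, _, value = line.partition(":")
                entry.setdefault(key.strip().lower(), []).append(value.strip())
        yield entry

def classify_sid(sid):
    # S-1-5-32-<rid> is the BUILTIN domain; S-1-5-21-a-b-c-<rid> is a domain SID.
    m = SID_RE.match(sid)
    if not m:
        return ("other", None)
    return ("builtin" if m.group(1) == "32" else "domain", int(m.group(2)))

def audit(text):
    rows = []
    for e in parse_ldif(text):
        if "sambasid" not in e or "sambagrouptype" not in e:
            continue  # not a group mapping entry
        scope, rid = classify_sid(e["sambasid"][0])
        label = GROUP_TYPES.get(e["sambagrouptype"][0], "unknown")
        rows.append((e["dn"][0], scope, rid, label))
    return rows

if __name__ == "__main__":
    for row in audit(SAMPLE_LDIF):
        print(row)
```

Run against an `ldapsearch` or `slapcat` export, this lists every group mapping whose RID matches between sources but whose authority differs, which is the discrepancy described for Account Operators.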
