[Samba] Migrating (vampire) from NT4 to samba 3.5.7
Harry Jede
walk2sun at arcor.de
Thu Mar 3 03:18:36 MST 2011
On 10:08:23 wrote Veiko Kukk:
> On 02/03/11 15:43, Veiko Kukk wrote:
> > Also, on NT4 there is group named "Domain Users", but that too does
> > not get imported to ldap database. It's empty on linux box, getent
> > group output gives:
> > ...
> > Domain Users:*:513:
>
> I investigated some more and found out that if I do "net rpc group
> MEMBERS "Domain Users"", group members get listed.
> EKRPTEST\kasutaja1
> EKRPTEST\kasutaja2
> EKRPTEST\kasutaja3
> EKRPTEST\kasutaja4
>
> Then why "getent group" does not list members of "Domain Users"?
dump the groups out of ldap :-)
ldapsearch -x -LLL '(|(objectclass=posixGroup)
(objectclass=sambaGroupMapping))'
and you will see, that samba uses TWO DIFFERENT group definitions.
It's your choice, which you will use in the future.
Read "Samba by Example" to find your way to do it right.
AND do remember, that both worlds (posix and windows) knows two
different kind of groups: "normal groups" and "primary groups".
"normal groups" defines their members in the group definition.
"primary groups" defines their members in the user definition.
Also remember that Windows and samba knows and may uses "nested groups",
where posix have no equivalant. But modern nss implementaions knows how
to handle "nested groups". openldap may also support nested groups.
> I investigated some more and found out that if I do "net rpc group
> MEMBERS "Domain Users"", group members get listed.
> EKRPTEST\kasutaja1
> EKRPTEST\kasutaja2
> EKRPTEST\kasutaja3
> EKRPTEST\kasutaja4
Here, you have queried a so called "primary group".
Your group "specialusers1" is a normal group. Check how the members are
defined. Maybe you must reconfigure the PAM/NSS-system to use winbindd
instead of ldap.
--
Good luck
Harry Jede
--
Gruss
Harry Jede
More information about the samba
mailing list