[Samba] LDAP: Mixing local and LDAP-Users

[Felipe Augusto van de Wiel]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi Denis,

On 18-09-2011 17:18, Denis Witt wrote:
> is it possible to mix local and LDAP-Users? Especially I need to
> know if it's possible to use an LDAP-Group (like the group that
> is mapped to Domain Administrators) together with an local user.

It is, but you aren't going to do that with "standard" tools. :-)


> (If I use "adduser $username $ldap-group" the group isn't found,
> even if the group is shown using "getent group".)

Just go to LDAP Group and use the member attribute to add your
user.  Depend if you are using rfc2703bis or not that may vary.

Once LDAP reports the user is present in the group, the system
should do the rest. :)


> If this isn't possible, is there a way to map more than one
> group to the rid=512 (ntgroup="Domain Admins")?

That's also possible, you should use 'net groupmap'

Kind regards,
- -- 
Felipe Augusto van de Wiel <felipe.wiel at hpp.org.br>
Tecnologia da Informação (TI) - Complexo Pequeno Príncipe
http://www.pequenoprincipe.org.br/    T: +55 41 3310 1747
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCgAGBQJOe6yUAAoJECCPPxLgxLxP86UP/3fz4TVezW3+EZ0cIM4oBXtV
4Zgna0Mdx8GuREcXyU/wQYiLbd5VK7k6xF1T9rkIS4fjWlfNk7W9jWHadiMnlKOr
+KIHeG43bH2YdxO784T0vNyuz1dZgpLaA9LKJeCxY/8j/JrzAIuBJNayarFtyU7D
yDJ9CI5zJMM2IL9GvDLcQKeoW+61mjVCxpnMiI3Wd+PYjjwIY+YDJZAGYx8bWoKo
+hpShR6VbmOqR7hjbMheaVeoHv9GPEvGLwroCAnYHsvO0oyD6ksmm9XFZQfLVt/E
1SxDu0WPCRkiuUGFLpCQrUMWOi21S8+ge5lsMSHFKjuMOslvU/6rfhrS3SkfAX3q
47nQMw/FIPqrNRRIa6kwSFTiD749r1bAjibhvI4A8p2qehsf0/MNF012Od3zNfcY
v2P/OXBJfoO3mfUlSQAz4rhWHp7YdWBh+eY4Gt0fsLYwae8QjB2vBmL0FwvE6Kb7
mB1XaNr6BGoPXiTTziUi14wkqpaQt/geIxg92r0iUWH1G5WPCCxsHE0jBX2mDF8B
dOr67hkWMY9/2m6ch1P4eW2psyRyVYlDxyq3RFGlcO2Q6FP0Ox/tYlVDbB4i744j
gKDYeJAMKTMo2XasnI5bdiC96p9tvI4syi8Tq95RDoqKHJgUJKyaysDf+shZ4CzZ
effZ/6aquAS0E91O8Pjx
=9yjd
-----END PGP SIGNATURE-----