[Samba] How do you configure a NIS group?

Marc Muehlfeld mmuehlfeld at samba.org
Sun Oct 12 01:52:57 MDT 2014


Hello John,

Am 12.10.2014 um 00:41 schrieb John Lewis:
> That doesn't do anything for me because I don't have a Windows machine
> on my network. I need the name of the attribute so I can ldapmodify it.

You shouldn't use ldapmodify for doing changes. Use samba-tool!

AD uses backlinks for storing group memberships. See
http://www.frickelsoft.net/blog/?p=130
for details about AD backlinks.

If you use 'samba-tool', you are sure, that everything is done right in
your database and nothing gets corrupted by missing something or wrong
usage.




> I think I need these attributes defined memberUid memberNisNetgroup
> defined, but I haven't figured out where on the directory tree yet.

In the group DN, the following two attributes have to be added once, to
enable it for the usage like mentioned in the Wiki nslcd documentation
if you don't use ADUC:
   msSFU30NisDomain: samdom
   gidNumber: 12345
Use 'ldbedit' for adding them.


If you follow the documentation in the Wiki, then the group membership
is taken from the AD groups, so you don't have to maintain the
membership on two places (AD groups and Unix attributes group members).

In the group DN, the 'member' attribute points to the user account:
member: CN=demo01,CN=Users,DC=samdom,DC=example,DC=com

In the user DN, the 'memberOf' attribute points to the group:
memberOf: CN=Domain Admins,CN=Users,DC=samdom,DC=example,DC=com



Regards,
Marc


More information about the samba mailing list