Michael Joseph Nenishkis
2002-Sep-27 16:07 UTC
[Samba] 2.2.5 LDAP/smbpasswd -L problem help.
Gurus, I humbly ask you for help. I ran into a problem for which I cannot find the reason/fix.

System:
    redhat 7.3
    samba 2.2.5 --withldapsam
    nss_ldap configured to route the Unix UID/GID from same LDAP server.

It is running well and I am able to authenticate off the LDAP servers.

One problem I am having right now is that I would like non-root administrators to be able to use the smbpasswd -L option to reset user passwords.

The /etc/samba/secrets.tdb is

    -rw-rw-r-- 1 root ADMIN 8192 Sep 27 18:19 /etc/samba/secrets.tdb

*changed group rights so that user in ADMIN group of unix has write access -- as pointed out in the samba readme files.

The username, for example, on unix is joedoe. Telnet to the unix host as joedoe and type "id -G"; it shows 5 groups, for example:

    uid=510(joedoe) gid=100(users) groups=100(users),300(Group1),200(ADMIN),201(Group2),302(Group3)

So joedoe is a member of the ADMIN group.

SMB.conf is configured as follows:

    domain admin group = @ADMIN

I am able to join an NT workstation into the domain as user joedoe, so samba understands domain admin = @admin = joedoe is a member.

But, when I log in to the unix host as joedoe, and type

    smbpasswd -L maryjoe -D256 (enter)
    New SMB password: xxxxxx
    Retype SMB password: xxxxxx
    --cut cut---
    ldap_open_connection: starting...
    user_in_list: checking user joedoe in list @ADMIN
    user_in_list: checking user |joedoe| against |@ADMIN|
    Unable to get default yp domain
    user_in_unix_group_list: checking user joedoe in group ADMIN
    user_in_unix_group_list: no such group ADMIN
    ldap_open_connection: cannot access LDAP when not root or a member of domain admin group..
    Failed to find entry for user maryjoe.
    Failed to modify password entry for user maryjoe
    ---

Seems Samba is not able to get the full group list for user joedoe. (?)

I have looked into "user_in_unix_group_list" in the source and found there is a handle in lib/username.c but I have no clue what to do.

Please kindly give me a pointer on this problem..