Alex Meier
2003-May-26 14:19 UTC
[Samba] Samba 3.0alpha24 / OpenLDAP / support for groups broken?
Hello!

We are trying to get Samba 3.0a24 to work with OpenLDAP. After creating the guest - user manually in the LDAP directory, everything seemed to work fine. However we cannot create any group. The "net group map" command runs without any error message, and states:

blue# ./net groupmap add rid=999 unixgroup=syadm
Successully added group syadm to the mapping db

Unfortunately the group was *NOT* created as "./net groupmap list" reveals:

blue# ./net groupmap list
blue#

When running Samba without LDAP support "./net groupmap list" shows the built-in groups:

blue# ./net groupmap list
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Admins (S-1-5-21-3844847972-810955303-936295742-512) -> -1
Domain Users (S-1-5-21-3844847972-810955303-936295742-513) -> -1
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Domain Guests (S-1-5-21-3844847972-810955303-936295742-514) -> -1
Account Operators (S-1-5-32-548) -> -1
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1

Shouldn't "./net groupmap list" show these groups with LDAP as well? Do we have to create these groups manually? How? Logs from the LDAP server show that Samba is desperately looking for a group with gid=-1. Manually creating a Samba group in the LDAP directory does *not* improve the situation.

Can anyone help, please?

Best regards,
Alex Meier
Tang
2003-May-27 09:57 UTC
[Samba] Re: Samba 3.0alpha24 / OpenLDAP / support for groups broken?
Make sure you have the posixGroup on LDAP.
And in smb.conf, put

passdb backend = ldapsam guest

Then try as follows:

# net groupmap add rid=1000 unixgroup=domstaff type=domain ntgroup="Staff"

Regards,
tang.

Alex Meier wrote:
> Hello!
>
> We are trying to get Samba 3.0a24 to work with OpenLDAP. After creating
> the guest - user manually in the LDAP directory, everything seemed to
> work fine. However we cannot create any group. The "net group map"
> command runs without any error message, and states:
>
> blue# ./net groupmap add rid=999 unixgroup=syadm
> Successully added group syadm to the mapping db
>
> Unfortunately the group was *NOT* created as "./net groupmap list" reveals:
>
> blue# ./net groupmap list
> blue#
>
> When running Samba without LDAP support "./net groupmap list" shows the
> built-in groups:
>
> blue# ./net groupmap list
> System Operators (S-1-5-32-549) -> -1
> Replicators (S-1-5-32-552) -> -1
> Guests (S-1-5-32-546) -> -1
> Domain Admins (S-1-5-21-3844847972-810955303-936295742-512) -> -1
> Domain Users (S-1-5-21-3844847972-810955303-936295742-513) -> -1
> Power Users (S-1-5-32-547) -> -1
> Print Operators (S-1-5-32-550) -> -1
> Administrators (S-1-5-32-544) -> -1
> Domain Guests (S-1-5-21-3844847972-810955303-936295742-514) -> -1
> Account Operators (S-1-5-32-548) -> -1
> Backup Operators (S-1-5-32-551) -> -1
> Users (S-1-5-32-545) -> -1
>
> Shouldn't "./net groupmap list" show these groups with LDAP as well? Do
> we have to create these groups manually? How? Logs from the LDAP server
> show that Samba is desperately looking for a group with gid=-1. Manually
> creating a Samba group in the LDAP directory does *not* improve the
> situation.
>
> Can anyone help, please?
>
> Best regards,
> Alex Meier
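
An added example, not part of either post and not Samba code: a small Python check that parses output in the "net groupmap list" layout quoted in this thread and reports the two states discussed, an empty map and entries whose Unix side is -1. The sample lines are constructed, and the form of a mapped entry (Unix group name after the arrow) is an assumption.

```python
import re
from typing import NamedTuple

# Constructed sample in the "name (SID) -> unix group" layout quoted in the thread.
# The last line is an assumed example of a mapped entry (Unix group name on the right).
SAMPLE = """\
System Operators (S-1-5-32-549) -> -1
Domain Admins (S-1-5-21-3844847972-810955303-936295742-512) -> -1
Staff (S-1-5-21-3844847972-810955303-936295742-1000) -> domstaff
"""

LINE = re.compile(r"^(?P<name>.+?) \((?P<sid>S-1(?:-\d+)+)\) -> (?P<unix>\S+)$")

class Mapping(NamedTuple):
    name: str
    sid: str
    rid: int           # last sub-authority of the SID
    builtin: bool      # SID under S-1-5-32 (the BUILTIN domain)
    unix_group: str

def parse_groupmap(text):
    """Return (mappings, unparsed_lines) for groupmap-list style output."""
    mappings, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE.match(line)
        if not m:
            unparsed.append(line)   # e.g. a bare shell prompt
            continue
        sid = m["sid"]
        mappings.append(Mapping(m["name"], sid, int(sid.rsplit("-", 1)[1]),
                                sid.startswith("S-1-5-32-"), m["unix"]))
    return mappings, unparsed

def audit(text):
    """Summarise the states seen in the thread: empty list, or entries mapped to -1."""
    mappings, unparsed = parse_groupmap(text)
    return {
        "empty": not mappings,
        "unmapped": [m.name for m in mappings if m.unix_group == "-1"],
        "mapped": {m.name: m.unix_group for m in mappings if m.unix_group != "-1"},
        "unparsed": unparsed,
    }

if __name__ == "__main__":
    print(audit(SAMPLE))
```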