thr3ads.net - samba - [Samba] re:ldap group mapping problems [Jan 2004]

If this information is useful, please help other people find it:
Share via:

John H.

2004-Jan-27 05:26 UTC

[Samba] re:ldap group mapping problems

well, they both have the same sid, for some bizarre reason.

net groupmap list -s /etc/samba/smb.ldap |grep "Admin"
Domain Admins (S-1-5-21-4070452498-3149834983-2923667569-512) -> 512
Administrators (S-1-5-21-4070452498-3149834983-2923667569-544) -> 544
Domain Admins (S-1-5-21-4070452498-3149834983-2923667569-512) -> ntadmin

and see, it has a posixgroup entry?

# LDIF Export for: cn=Domain Power Users,ou=Group,dc=INTRANET
# Generated by phpLDAPadmin on January 26, 2004 11:19 pm
# Server: LROL LDAP Server (127.0.0.1)
# Search Scope: base
# Total entries: 1
 
# Entry 1: cn=Domain Power Users,ou=Group,dc=INTRANET
dn: cn=Domain Power Users,ou=Group,dc=INTRANET
objectClass: posixGroup
gidNumber: 513
cn: Domain Power Users

which I am trying to map to this
# Entry 1: cn=users,ou=Group,dc=INTRANET
dn: cn=users,ou=Group,dc=INTRANET
cn: users
userPassword: {crypt}x
gidNumber: 539
objectClass: top
objectClass: posixGroup
objectClass: phpgwAccount
phpgwAccountStatus: A
phpgwAccountType: g
phpgwAccountExpires: -1

so users in "users" will have, obviously, Domain Power User status on
NT machines(this is the way I had it setup with smbpasswd






 --- On Mon 01/26, Gerald (Jerry) Carter < jerry@samba.org > wrote:
From: Gerald (Jerry) Carter [mailto: jerry@samba.org]
To: mrmailer@myway.com
     Cc: samba@lists.samba.org
Date: Mon, 26 Jan 2004 20:17:28 -0600 (CST)
Subject: Re: [Samba] net: ../../../libraries/liblber/decode.c...

-----BEGIN PGP SIGNED MESSAGE-----<br>Hash: SHA1<br><br>On
Mon, 26 Jan 2004, John H. wrote:<br><br>> i thought i had, but
apparently not, so i did that and this is what i<br>> have now(as you
can see, there are two entries)<br>><br>> net groupmap list -s
/etc/samba/smb.ldap<br>> Power Users
(S-1-5-21-4070452498-3149834983-2923667569-547) ->
547<br>....<br>> is that ok?<br><br>As long as you
remember that different SIDs == different groups from a<br>Windows client
perspective.<br><br>> I wanted to add Domain Power users, and did
this...<br>><br>><br>> net groupmap add
ntgroup="Domain Power Users" \<br>>   unixgroup=users
\<br>>   sid=S-1-5-21-4070452498-3149834983-2923667569-1201
\<br>>   -s /etc/samba/smb.ldap<br>><br>> adding
entry for group Domain Power Users failed!<br><br>If you don't
have a posixGroup entry in you LDAP Directory, then <br>the add will fail.
We don't support mapping an LDAP entry to a <br>local UNIX group.  It
all has to be in the directory
service.<br><br><br><br><br><br><br>cheers,
jerry<br>-----BEGIN PGP SIGNATURE-----<br>Version: GnuPG v1.2.0
(GNU/Linux)<br>Comment: For info see
http://quantumlab.net/pine_privacy_guard/<br><br>iD8DBQFAFco9IR7qMdg1EfYRApDBAJ9oX0mUUIUx8IJoiSpksenkavdxkgCfRxxG<br>9Aed+P2m4WeKhrPPLgS3qYc=<br>=Wu3d<br>-----END
PGP SIGNATURE-----<br><br>

_______________________________________________
No banners. No pop-ups. No kidding.
Introducing My Way - http://www.myway.com

Seemingly Similar Threads

Search for more maybe matching threads

samba - Jan 2004 - re:ldap group mapping problems

[Samba] re:ldap group mapping problems

Seemingly Similar Threads

Wisdom of the Ancients