Alex Meier
2003-May-26 14:19 UTC
[Samba] Samba 3.0alpha24 / OpenLDAP / support for groups broken?
Hello!
We are trying to get Samba 3.0a24 to work with OpenLDAP. After creating
the guest - user manually in the LDAP directory, everything seemed to
work fine. However we cannot create any group. The "net group map"
command runs without any error message, and states:
blue# ./net groupmap add rid=999 unixgroup=syadm
Successully added group syadm to the mapping db
Unfortunately the group was *NOT* created as "./net groupmap list"
reveals:
blue# ./net groupmap list
blue#
When running Samba without LDAP support "./net groupmap list" shows the
built-in groups:
blue# ./net groupmap list
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Admins (S-1-5-21-3844847972-810955303-936295742-512) -> -1
Domain Users (S-1-5-21-3844847972-810955303-936295742-513) -> -1
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Domain Guests (S-1-5-21-3844847972-810955303-936295742-514) -> -1
Account Operators (S-1-5-32-548) -> -1
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1
Shouldn't "./net groupmap list" show these groups with LDAP as well? Do
we have to create these groups manually? How? Logs from the LDAP server
show that Samba is desperately looking for a group with gid=-1. Manually
creating a Samba group in the LDAP directory does *not* improve the
situation.
Can anyone help, please?
Best regards,
Alex Meier
Tang
2003-May-27 09:57 UTC
[Samba] Re: Samba 3.0alpha24 / OpenLDAP / support for groups broken?
Make sure you have the posixGroup on LDAP. And in smb.conf, put

passdb backend = ldapsam guest

Then try as follows:

# net groupmap add rid=1000 unixgroup=domstaff type=domain ntgroup="Staff"

Regards,
tang.

Alex Meier wrote:
> Hello!
>
> We are trying to get Samba 3.0a24 to work with OpenLDAP. After creating
> the guest - user manually in the LDAP directory, everything seemed to
> work fine. However we cannot create any group. The "net group map"
> command runs without any error message, and states:
>
> blue# ./net groupmap add rid=999 unixgroup=syadm
> Successully added group syadm to the mapping db
>
> Unfortunately the group was *NOT* created as "./net groupmap list" reveals:
>
> blue# ./net groupmap list
> blue#
>
> When running Samba without LDAP support "./net groupmap list" shows the
> built-in groups:
>
> blue# ./net groupmap list
> System Operators (S-1-5-32-549) -> -1
> Replicators (S-1-5-32-552) -> -1
> Guests (S-1-5-32-546) -> -1
> Domain Admins (S-1-5-21-3844847972-810955303-936295742-512) -> -1
> Domain Users (S-1-5-21-3844847972-810955303-936295742-513) -> -1
> Power Users (S-1-5-32-547) -> -1
> Print Operators (S-1-5-32-550) -> -1
> Administrators (S-1-5-32-544) -> -1
> Domain Guests (S-1-5-21-3844847972-810955303-936295742-514) -> -1
> Account Operators (S-1-5-32-548) -> -1
> Backup Operators (S-1-5-32-551) -> -1
> Users (S-1-5-32-545) -> -1
>
> Shouldn't "./net groupmap list" show these groups with LDAP as well? Do
> we have to create these groups manually? How? Logs from the LDAP server
> show that Samba is desperately looking for a group with gid=-1. Manually
> creating a Samba group in the LDAP directory does *not* improve the
> situation.
>
> Can anyone help, please?
>
> Best regards,
> Alex Meier
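Because "net groupmap add" reported success in this thread even though nothing was stored, it helps to verify the mapping from the listing itself. The following is an added example, not part of either post and not Samba code: it parses output in the "name (SID) -> unixgroup" format shown above, assumes "-1" means no Unix group is mapped, and uses hypothetical function names and a constructed sample listing.

```shell
#!/bin/sh
# Added example: audit "net groupmap list" output in the format shown in
# this thread:  NT group name (SID) -> unix group
# Assumption: "-1" on the right-hand side means no Unix group is mapped.

# Print "SID NT-group-name" for every entry that maps to -1 (listing on stdin).
unmapped_groups() {
    sed -n 's/^\(.*\) (\(S-[0-9-]*\)) -> -1[[:space:]]*$/\2 \1/p'
}

# Succeed only if some NT group in the listing maps to the Unix group $1.
# Compares the text after the last " -> " exactly, so "adm" does not
# match "syadm".
has_mapping() {
    awk -v want="$1" '
        {
            sub(/[ \t\r]+$/, "")            # tolerate trailing blanks / CR
            n = split($0, part, " -> ")
        }
        n >= 2 && part[n] == want { found = 1 }
        END { exit found ? 0 : 1 }'
}

# Constructed sample: two lines copied from the listing in the thread plus
# one constructed line for the mapping suggested in the reply (rid=1000).
sample_listing() {
cat <<'EOF'
Domain Admins (S-1-5-21-3844847972-810955303-936295742-512) -> -1
Guests (S-1-5-32-546) -> -1
Staff (S-1-5-21-3844847972-810955303-936295742-1000) -> domstaff
EOF
}

# Demo on the constructed sample.
echo "Entries without a Unix group:"
sample_listing | unmapped_groups
if sample_listing | has_mapping domstaff; then
    echo "domstaff: mapped"
else
    echo "domstaff: NOT mapped (add reported success but nothing was stored?)"
fi
```

On a live system, pipe the real output in instead of the sample, for example "./net groupmap list | has_mapping domstaff"; an empty listing, as in the original report, makes has_mapping fail.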