I have two samba servers on two separate subnets that are comprising a single domain, and one of the samba servers is also the LDAP server. I've gotten everything configured except that I can't use the groupmap command. When I run:

    net groupmap add sid=<SID>-512 ntgroup="Domain Admins" unixgroup=dom_admin type=domain

I get this error over and over again (and increasing the log level via smbcontrol doesn't seem to provide any more information):

    ldapsam_search_one_group: Problem during the LDAP search: LDAP error: invalid DN (Invalid DN syntax)

I also see this message every so often in the syslogs of both samba servers:

    passdb/pdb_ldap.c:ldapsam_search_one_group(1612)
    ldapsam_search_one_group: Problem during the LDAP search: LDAP error: invalid DN (Invalid DN syntax)
    ldapsam_search_one_group: Query was: "ou=Groups","dc=<domain>", (&(objectClass=sambaGroupMapping)(gidNumber=65534))

Are the samba servers trying to get group mappings from each other? Is gidNumber=65534 being used because the group mapping isn't set up? Can someone give me any advice on things to try to find the problem with my group map actions?

Any help would be appreciated.

Rob

Robert Rati wrote:
| passdb/pdb_ldap.c:ldapsam_search_one_group(1612)
| ldapsam_search_one_group: Problem during the LDAP search: LDAP error:
| invalid DN (Invalid DN syntax)ldapsam_search_one_group: Query was:
| "ou=Groups","dc=<domain>",
  ^^^^^^^^^^^^^^^^^^^^^^^^^

Just a guess, but don't add quotes around the various LDAP suffixes in smb.conf.

--
cheers, jerry
----------------------------------------------------------------------
Hewlett-Packard ------------------------- http://www.hp.com
SAMBA Team ---------------------- http://www.samba.org
GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song" --Switchfoot (2003)
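
The quoting problem suggested in the reply above, as an added example that is not part of the original thread or of Samba's code: a small checker that scans the [global] section of an smb.conf for LDAP DN parameters whose values are wrapped in quotes, and shows the resulting group search base. The sample configuration, the example.org suffix and the function names are constructed for illustration, and joining the group suffix to the base suffix with a comma is an assumption taken from the logged query.

```python
import re

# Samba LDAP parameters that hold a DN or DN fragment (names normalized).
DN_PARAMS = {"ldapsuffix", "ldapusersuffix", "ldapgroupsuffix",
             "ldapmachinesuffix", "ldapidmapsuffix", "ldapadmindn"}

# Constructed sample, not the poster's real configuration.
SAMPLE = '''\
[global]
   passdb backend = ldapsam:ldap://127.0.0.1
   ldap suffix = "dc=example,dc=org"
   ldap group suffix = "ou=Groups"
   ldap user suffix = ou=People
   ldap admin dn = cn=admin,dc=example,dc=org
'''

def parse_global(text):
    """Return {normalized_name: (lineno, value)} for the [global] section."""
    params, section = {}, None
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            # smb.conf ignores case and whitespace in parameter names.
            params[re.sub(r"\s+", "", name).lower()] = (lineno, value.strip())
    return params

def quoted_dn_params(text):
    """Return (lineno, name, value, unquoted) for DN values wrapped in quotes."""
    hits = []
    for name, (lineno, value) in parse_global(text).items():
        wrapped = len(value) >= 2 and value[0] in "\"'" and value[0] == value[-1]
        if name in DN_PARAMS and wrapped:
            hits.append((lineno, name, value, value[1:-1]))
    return sorted(hits)

def group_search_base(text):
    """Join group suffix and base suffix with a comma (assumed from the logged query)."""
    p = parse_global(text)
    return ",".join(p[k][1] for k in ("ldapgroupsuffix", "ldapsuffix") if k in p)

if __name__ == "__main__":
    for lineno, name, value, fixed in quoted_dn_params(SAMPLE):
        print(f"line {lineno}: {name} = {value}  ->  use {fixed}")
    print("group search base:", group_search_base(SAMPLE))
```

With the quotes left in, the computed base has the same shape as the "ou=Groups","dc=<domain>" string in the logged query; with them removed it is an ordinary DN.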

Friday, December 19, 2003, 12:02:57 AM, Robert wrote:
> Beast wrote:
>> What does the ldap.log say?
>>
>> --beast
>
> I do not have a /var/log/ldap.log and I don't see any errors in
> /var/log/syslog either (This is running on Debian stable). What log
> level does slapd need to be set at (and how would one do it? I see
> multiple options for logging with slapd)?

By default the log level is enough (256), using the local4 facility. In /etc/syslog.conf make sure you have something like:

    local4.*    -/var/log/ldap.log

or run slapd without daemon mode.

--beast