Hi,
I am trying to get samba running with LDAP password backend, but having
some trouble with the rights.
Dist. : SuSE 9.0
LDAP: OpenLDAP 2.1.22
Samba: 3.0.1
It work's great when i login in for a Win98 box, but when i try to
import a WinXP box i get the following in my log file.
//--snip--
[2004/01/27 20:36:25, 2] auth/auth.c:check_ntlm_password(305)
check_ntlm_password: authentication for user [administrator] ->
[administrator] -> [Administrator] succeeded
[2004/01/27 20:36:25, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2461)
Returning domain sid for domain IT-TRANS ->
S-1-5-21-3079347702-147214601-1898991890
[2004/01/27 20:36:25, 2]
rpc_server/srv_samr_nt.c:access_check_samr_object(93)
_samr_open_domain: ACCESS DENIED (requested: 0x00000211)
[2004/01/27 20:36:25, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2461)
Returning domain sid for domain IT-TRANS ->
S-1-5-21-3079347702-147214601-1898991890
[2004/01/27 20:36:25, 2]
rpc_server/srv_samr_nt.c:access_check_samr_function(115)
_samr_create_user: ACCESS DENIED (granted: 0x00000201; required:
0x00000010)
[2004/01/27 20:36:25, 2] smbd/server.c:exit_server(558)
Closing connections
//--snip--
I suppose my problem is in the groupmapping's. ?
My current mappings are like below:
Domain Admins (S-1-5-21-3079347702-147214601-1898991890-512) -> Domain
Admins
Domain Users (S-1-5-21-3079347702-147214601-1898991890-513) -> Domain Users
Domain Guests (S-1-5-21-3079347702-147214601-1898991890-514) -> Domain
Guests
Administrators (S-1-5-21-3079347702-147214601-1898991890-544) ->
Administrators
users (S-1-5-21-3079347702-147214601-1898991890-545) -> Users
Guests (S-1-5-21-3079347702-147214601-1898991890-546) -> Guests
Power Users (S-1-5-21-3079347702-147214601-1898991890-547) -> Power Users
Account Operators (S-1-5-21-3079347702-147214601-1898991890-548) ->
Account Operators
Server Operators (S-1-5-21-3079347702-147214601-1898991890-549) ->
Server Operators
Print Operators (S-1-5-21-3079347702-147214601-1898991890-550) -> Print
Operators
Backup Operators (S-1-5-21-3079347702-147214601-1898991890-551) ->
Backup Operators
Replicator (S-1-5-21-3079347702-147214601-1898991890-552) -> Replicator
Domain Computers (S-1-5-21-3079347702-147214601-1898991890-553) ->
Domain Computers
This is the default after running "smbldap-populate.pl" from the
ldap-tools.
From the documentation, the "Domain Admins" have to be mapped to
unixgroup=root or another group with gidnumber=0 (Right ?)
Now, executing "net groupmap modify ntgroup="Domain Admins"
unixgroup=root type=domain" is succesfull, but the mappings don't
change
"Domain Admins" is stille pointing at "Domain Admins" ?
I also tried to create a posix group in LDAP with gidnumber=0, and made
a mapping from the "Domain Admins" but the mapping still don't
change.
Could some one kindly point me in the right direction.
Thanks.
Best regards
Erik
