Krištof Petr
2004-Feb-20 17:09 UTC
[Samba] Idmap and ldap backend not working on domain member
Hello,

on domain member idmap against ldap is not working. I tried to dump network communication between MEMBER and ldap server, but Ethereal (0.10.0a) says packets (3 pieces at all) are corrupted and cannot be analysed (I have ldap ssl = off).

Our setup: Samba domain seems to be working, WinXP logons to domain and users did not report any problems. Server is PDC on samba (3.0.2 on linux Fedora Core 1) and all accounts (unix, samba) and groups (posix, samba built-in) are stored on ldap server.

Now, I added another samba machine as domain member.

    [root@member]# net join -S PDC -UAdministrator%password
    [root@member]# smbpasswd -w secret

My ldap setting is fine I hope:

    [root@member]# id Administrator
    uid=998(Administrator) gid=512(Domain Admins) groups=512(Domain Admins)
    [root@member]# getent group "Domain Admins"
    Domain Admins:x:512:Administrator

But 'net groupmap list' is not working

    [root@member]# net groupmap list
    System Operators (S-1-5-32-549) -> -1
    Replicators (S-1-5-32-552) -> -1
    Guests (S-1-5-32-546) -> -1
    Domain Admins (S-1-5-21-3625374334-2768020895-3115484427-512) -> -1
    Domain Guests (S-1-5-21-3625374334-2768020895-3115484427-514) -> -1
    Power Users (S-1-5-32-547) -> -1

My smb.conf is:

    [global]
    workgroup = COMPANY
    netbios name = MEMBER
    security = domain
    password server = PDC
    encrypt passwords = yes
    ldap ssl = off
    ldap admin dn = cn=Manager,dc=company,dc=com
    ldap suffix = dc=company,dc=com
    ldap user suffix = ou=People
    ldap group suffix = ou=Group
    ldap machine suffix = ou=Computers
    idmap backend = ldap:ldap://ldap.company.com/
    ldap idmap suffix = ou=Group
    idmap uid = 10000-20000
    idmap gid = 10000-20000

When I make some new group mapping on MEMBER, changes are stored locally on /var/cache/samba/*

I think the communication between MEMBER and ldap fails due to some bug, so groupmaps continue to work locally.

Thanks for advice
Petr

--
Chief B.O.F.H. Officer
When proprietary IM sucks - jabber://kristof.p@njs.netlab.cz
IPv4 sucks too. Ping6 to ::1/128