Greetings!
I set up a PDC with samba 3.0.4 and openldap-2.2.14 and use
smbldap-tools to populate ldap database. I am able to use the Microsfot's
User Manager (usrmgr.exe) to add and delete users. I have a few questions
that I hope you can help me with.
1. smbldap-tools maps Domain Admins group to group ID 512. I
created domadmins group with ID 512 in /etc/group and added test as a
member of this group.
After adding user test from usrmgr.exe on a window XP
client, test is automatically members of Domain Admins and Domain Users.
Now login as test, on the windows XP client and run
usrmgr.exe, I cannot open any of the user. It always say "access
denied".
In sort, I can add/delete user as Administrator but cannot
do the same on test although test is a member of the Domain Admins group,
seeing from usrmgr.exe.
Did I miss anything? There is no sign that test belong to
a Domain Admins group from LDAP database.
2. The Administrator cannot read its roaming profiles. usrmgr and
pdbedit show its profile is at \\pdc\profiles\Administrator. The directory
is empty. What should be the correct protection and do I need some intial
entries there?
3. All users, groups, computers, have to have an entry in the
/etc/passwd or/and /etc/group first before usrmgr can add or delete them
in ldap backend. Why couldn't samba administrating them as well?
4. I thought ldap can manaing NIS but I have not seen, sorry for
my ignorance, a document to integrade NIS/Samba-PDC/openldap together.
Could someone give me a pointer? Thank you!
Thank you.
-- Kang Sun
