Hi I got a problem with groupmapping. It doesn't work correct: Wilma2:/home/root # net groupmap list | grep 512 Domain Admins (S-1-5-21-3371203057-3264423045-2392767973-512) -> domadm ldapsearch -x cn=domadm: # domadm, groups, wms-hn.de dn: cn=domadm,ou=groups,dc=my-domain objectClass: posixGroup objectClass: sambaGroupMapping cn: domadm gidNumber: 65669 memberUid: tilo sambaSID: S-1-5-21-3371203057-3264423045-2392767973-512 sambaGroupType: 2 displayName: Domain Admins description: Domain Admins The problem is "tilo" doesn't have any administrator rights. Any idea whats wrong? I use samba 3.0.7 Cheers Tilo
I could never get group mapping to work. After reading Samba 3 by example, I realized that I needed to migrate the relevant groups from /etc/group to LDAP. I have set up a few servers since then and have not had any problems. I use the migration tools from padl.com to migrate the /etc/group entries to LDAP. I only migrate the ones I need to map to Windows groups. See http://www.padl.com/OSS/MigrationTools.html This is clearly stated in Samba 3 by example but I did not see it in the Official Samba 3 How To. "Tilo Lutz" <TiloLutz@gmx.de> wrote in message news:25962.1097319267@www5.gmx.net...> Hi > > I got a problem with groupmapping. It doesn't work correct: > > Wilma2:/home/root # net groupmap list | grep 512 > Domain Admins (S-1-5-21-3371203057-3264423045-2392767973-512) -> domadm > > ldapsearch -x cn=domadm: > # domadm, groups, wms-hn.de > dn: cn=domadm,ou=groups,dc=my-domain > objectClass: posixGroup > objectClass: sambaGroupMapping > cn: domadm > gidNumber: 65669 > memberUid: tilo > sambaSID: S-1-5-21-3371203057-3264423045-2392767973-512 > sambaGroupType: 2 > displayName: Domain Admins > description: Domain Admins > > > The problem is "tilo" doesn't have any administrator rights. > > Any idea whats wrong? I use samba 3.0.7 > > Cheers Tilo > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba >
What 'getent group domadm' returns you? I suspect that it does not have tilo as a member. If you have the same posixGroup defined both in /etc/group and in LDAP and what to have definition (and member list) to be taken from LDAP instead of local file you need to list 'ldap' before 'files' in your group description in /etc/nsswitch.conf: group: ldap files Hope it helps, Igor Tilo Lutz wrote:> Hi > > I got a problem with groupmapping. It doesn't work correct: > > Wilma2:/home/root # net groupmap list | grep 512 > Domain Admins (S-1-5-21-3371203057-3264423045-2392767973-512) -> domadm > > ldapsearch -x cn=domadm: > # domadm, groups, wms-hn.de > dn: cn=domadm,ou=groups,dc=my-domain > objectClass: posixGroup > objectClass: sambaGroupMapping > cn: domadm > gidNumber: 65669 > memberUid: tilo > sambaSID: S-1-5-21-3371203057-3264423045-2392767973-512 > sambaGroupType: 2 > displayName: Domain Admins > description: Domain Admins > > > The problem is "tilo" doesn't have any administrator rights. > > Any idea whats wrong? I use samba 3.0.7 > > Cheers Tilo >