Hi all,
I have a Samba PDC running OpenLDAP 2.3.6 and Samba 3.0.20. I've followed
the
scheme laid down in the smb/ldap document at www.idealx.org and have used the
smbldap-tools from the same site to configure the Samba groups and base
accounts.
Using smbldap-useradd -a <user> I've set up 700 user accounts (300 max
active
at a time) and have the home directories on the PDC and a seperate apps share
on a second Samba server (same versions) configured as a domain member.
On the PDC, I've got nss_ldap and pam_ldap configured and can log into the
Samba accounts even though there are no equivalent UNIX accounts for the
Samba users. On the user's Samba shares, I have set the permissions to rwx
r-x --- for the owner and the group "Domain Admins" so I can use a
Domain
Admin account to perform backups via NFS to a live backup server.
On the second server I have winbind running and executing wbinfo -u lists the
domain users and wbinfo -g lists the domain groups. I can authenticate on the
server using a Domain User login but I can't set the group ownership of a
folder or file to Domain Users in the same way I can the set the shares on
the PDC for Domain Admins.
I have mapped the Domain Users group to a local group called users on the
second server and set the group ownership of the share to to use it but I get
access denied. I can run chgrp 513 on the folder and I get access for Domain
Users but the group ownership appears as 513. If i run net groupmap list, I
get an entry that says:
Domain Users -> S-1-xxxxxxxxxxxxx -> users
I'm obviously missing something obvious. Any clues?
Cheers,
jools
