Matthew Thompson
2006-Sep-25 07:21 UTC
[Samba] Samba/LDAP - using Poledit for security templates.
Hi samba gurus, I have a successful install of samba/LDAP (on FC5) and am looking at applying security templates for different groups. I had this successfully working on my old RH9 box running samba (but not using LDAP). Using poledit, I created groups (sales, it, etc) that were the same as my linux groups, and created a Ntconfig.POL file. Referring to this article for use on poledit.exe and applying a security template to a samba domain: http://wiki.samba.org/index.php/Implementing_System_Policies_with_Samba On the new setup, when I create new groups using the smbldap-tools, all appears to be correct. My user can join that group and it shows up with 'id' and 'getent group'. My problem is with poledit.exe... when I create groups (for the purpose of applying security settings to my different groups) it seems as if they don't pickup the newly created groups within my LDAP directory. When I make changes to the "default users" group, those settings do apply, but any settings made to the newly created group does not. This to me would rule out a permission issue on the *.POL file. There is as setting within poledit.exe where you can browse for groups within the domain. I cannot view any non default groups (as in the ones I created after smbldap-populate - it, sales, etc). I thought that this may have had something to do with it, however, my old RH9 box cannot view additional groups either, and it worked. I'm new to Linux and samba/LDAP - so I'm not exactly sure whether I'm asking the right people. However, I thought I start with you guys and progress further if need be. Thanks for you time and thoughts on this. Regards Matthew Thompson
Cleber P. de Souza
2006-Sep-26 17:42 UTC
[Samba] Samba/LDAP - using Poledit for security templates.
Have you defined the Samba SID for the new group you created? Are the base SID equal to that in the Samba domain? On 9/24/06, Matthew Thompson <matthew.thompson@startrackexpress.com.au> wrote:> Hi samba gurus, > > I have a successful install of samba/LDAP (on FC5) and am looking at > applying security templates for different groups. > > I had this successfully working on my old RH9 box running samba (but not > using LDAP). Using poledit, I created groups (sales, it, etc) that were > the same as my linux groups, and created a Ntconfig.POL file. > > Referring to this article for use on poledit.exe and applying a security > template to a samba domain: > > http://wiki.samba.org/index.php/Implementing_System_Policies_with_Samba > > On the new setup, when I create new groups using the smbldap-tools, all > appears to be correct. My user can join that group and it shows up with > 'id' and 'getent group'. > > My problem is with poledit.exe... when I create groups (for the purpose > of applying security settings to my different groups) it seems as if > they don't pickup the newly created groups within my LDAP directory. > When I make changes to the "default users" group, those settings do > apply, but any settings made to the newly created group does not. This > to me would rule out a permission issue on the *.POL file. > > There is as setting within poledit.exe where you can browse for groups > within the domain. I cannot view any non default groups (as in the ones > I created after smbldap-populate - it, sales, etc). I thought that this > may have had something to do with it, however, my old RH9 box cannot > view additional groups either, and it worked. > > I'm new to Linux and samba/LDAP - so I'm not exactly sure whether I'm > asking the right people. However, I thought I start with you guys and > progress further if need be. > > > > Thanks for you time and thoughts on this. > > > > Regards > > > > Matthew Thompson > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba >-- *** Cleber P. de Souza