Hello: I have an nt domain comprised of a samba/openldap pdc with windows xp sp2 clients. *samba 3.0.28a-1 slapd 2.4.9-0 smbldap-tools 0.9.4-1 Ubuntu 8.04 Server LTS Windows Xp SP2 * I have two problems which I think are related. - using "gpresult" from an xp client on the domain, the user is not shown as being a "Power Users", even with their primary group (-g) set to "Power Users" - I cannot add a local security group from the ldap server, I can't see any of the groups, I can see and add users however *dn: cn=Power Users,ou=Groups,dc=*****,dc=bz objectClass: top,posixGroup,sambaGroupMapping cn: Power Users gidNumber: 547 sambaGroupType: 5 displayName: Power Users sambaSID: S-1-5-32-547 * I need the "Power Users" groups for Quickbooks. I would be useful if the "Power Users" privilliges were inheritted from the domain. I'd settle for adding the Domain "Power Users" group as a local security group. Thanks. -- Charles Burrell Belmopan, Belize University of Belize Alma Mater
Am Mittwoch, 28. Januar 2009 23:45 schrieb charles:> Hello: > > I have an nt domain comprised of a samba/openldap pdc with windows xp > sp2 clients. > *samba 3.0.28a-1 > slapd 2.4.9-0 > smbldap-tools 0.9.4-1 > Ubuntu 8.04 Server LTS > Windows Xp SP2 > * > > I have two problems which I think are related. > - using "gpresult" from an xp client on the domain, the user is not > shown as being a "Power Users", even with their primary group (-g) > set to "Power Users" > - I cannot add a local security group from the ldap server, I can't > see any of the groups, I can see and add users however > *dn: cn=Power Users,ou=Groups,dc=*****,dc=bz > objectClass: top,posixGroup,sambaGroupMapping > cn: Power Users > gidNumber: 547 > sambaGroupType: 5Local groups must have sambaGroupType: 4 It is a bug in smbldap-tools. Search the archiv for the patch, and edit your existing groups manually.> displayName: Power Users > sambaSID: S-1-5-32-547 > * > > I need the "Power Users" groups for Quickbooks. I would be useful if > the "Power Users" privilliges were inheritted from the domain. I'd > settle for adding the Domain "Power Users" group as a local security > group. > > Thanks. > > -- > Charles Burrell > > Belmopan, Belize > University of Belize Alma Mater-- Gruss Harry Jede
Hello: I have an nt domain comprised of a samba/openldap pdc with windows xp sp2 clients. *samba 3.0.28a-1 slapd 2.4.9-0 smbldap-tools 0.9.4-1 Ubuntu 8.04 Server LTS Windows Xp SP2 * I have two problems which I think are related. - using "gpresult" from an xp client on the domain, the user is not shown as being a "Power Users", even with their primary group (-g) set to "Power Users" - I cannot add a local security group from the ldap server, I can't see any of the groups, I can see and add users however *dn: cn=Power Users,ou=Groups,dc=*****,dc=bz objectClass: top,posixGroup,sambaGroupMapping cn: Power Users gidNumber: 547 sambaGroupType: 5 displayName: Power Users sambaSID: S-1-5-32-547 * I need the "Power Users" groups for Quickbooks. I would be useful if the "Power Users" privilliges were inheritted from the domain. I'd settle for adding the Domain "Power Users" group as a local security group. Thanks. -- Charles Burrell Belmopan, Belize University of Belize Alma Mater
> > > ---------- Forwarded message ---------- > From: Harry Jede <walk2sun@arcor.de> > To: samba@lists.samba.org > Date: Thu, 29 Jan 2009 02:32:56 +0100 > Subject: Re: [Samba] domain power users > Am Mittwoch, 28. Januar 2009 23:45 schrieb charles: > > Hello: > > > > I have an nt domain comprised of a samba/openldap pdc with windows xp > > sp2 clients. > > *samba 3.0.28a-1 > > slapd 2.4.9-0 > > smbldap-tools 0.9.4-1 > > Ubuntu 8.04 Server LTS > > Windows Xp SP2 > > * > > > > I have two problems which I think are related. > > - using "gpresult" from an xp client on the domain, the user is not > > shown as being a "Power Users", even with their primary group (-g) > > set to "Power Users" > > - I cannot add a local security group from the ldap server, I can't > > see any of the groups, I can see and add users however > > *dn: cn=Power Users,ou=Groups,dc=*****,dc=bz > > objectClass: top,posixGroup,sambaGroupMapping > > cn: Power Users > > gidNumber: 547 > > sambaGroupType: 5 > Local groups must have > sambaGroupType: 4 > > It is a bug in smbldap-tools. Search the archiv for the patch, and edit > your existing groups manually. > > > displayName: Power Users > > sambaSID: S-1-5-32-547 > > * > > > > I need the "Power Users" groups for Quickbooks. I would be useful if > > the "Power Users" privilliges were inheritted from the domain. I'd > > settle for adding the Domain "Power Users" group as a local security > > group. > > > > Thanks. > > > > -- > > Charles Burrell > > > > Belmopan, Belize > > University of Belize Alma Mater > > -- > > Gruss > Harry Jede >Hello, Thanks Harry. I edited the smbldap-populate script and added the Power Users entry to the LDAP database using the script. dn: cn=Power Users,ou=Groups,dc=origin,dc=bz objectClass: top,posixGroup,sambaGroupMapping gidNumber: 547 cn: Power Users description: Netbios Domain Members can share directories and printers sambaSID: S-1-5-32-547 sambaGroupType: 4 displayName: Power Users The group type is now local. However the Power User privileges still do not apply and gpresult doesn't list membership. Furthermore, LDAP Admin shows the group as being local but doesn't show any members although there is one member. Members of other "local" groups are listed in said groups. Any ideas from anyone? -- Charles