similar to: Nested Groups

Hi all, I'm using Samba 3.2.7 with openldap 2.4.13 and have problems with winbind. If winbindd is started, he needs two minutes, until he is responding to queries. That makes it hard to debug problems. May be winbindd is waiting for WINS answers? The problem, the man page says this: ldap group suffix (G) This parameter specifies the suffix that is used for groups when these are added to

Hi, I have a question about sambaGroupType attribute on a Samba 3.2 PDC with LDAP backend (and nss_ldap + nss_winbind). What should be the value for Administrators builtin group ? If i use smbldap-populate from smbldap-tools, the value of sambaGroupType is 5 (and the LDAP entry for this group is a posixGroup and a sambaGroupMapping). I've also noticed that "wbinfo -g" doesn't

Hello guys! I'm using samba 3.2.4 (binaries from samba.org) on SLES9+sp3. I am building a PDC with LDAP support (i am attaching my config files), I'm also using ldapsam:trusted and ldapsam:editposix. Although I am setting the account lock after 3 failed tries in usrmgr, and verified that the parameters are actually set in the LDAP, no locking occurs. I started thinking that it was my

Hi All, The bundled "samba-schema-netscapeds5.x" file provides the schema for Samba 2.2.x attributes not 3.x. I have successfully imported this schema into the iPlanet directory server, and then run the smbldap-migrate-accounts.pl script. This created posixAccount objects but not sambaAccount objects. I later learned that the script calls smbldap-useradd.pl which is designed to create

> > Two things Louis: > > if you look very closely at the differences in the 'ERROR' message, you > will find the only difference is this: > > O:LAG:DAD:PAR( > > against the expected: > > O:DAG:DAD:PAR( > > The returned ACL is owned by the 'Local Admins', but it should be owned > by 'Domain Admins'. As far as I can see,

I have spent the last few days attempting to get a Samba3 PDC/BDC setup with an LDAP SAM and need some clarification on exactly what should/can be initialized in the LDAP SAM. As my main sources of information/inspiration I have been using http://http://wiki.samba.org/index.php/Replicated_Failover_Domain_Controller_and_file_server_using_LDAP and the smbldap-tools source code, but have also

Hi, guys, I'm trying to create a PDC using Samba with an LDAP backend. According to all the guides I read, this should be fairly easy really, but I've done nothing else for the last week and it still doesn't work the way the manual says it should! As far as I can see, everything is set up and working correctly right up to the point when I try and join a machine to the domain.

Hi I have a little problem with my ldap authorization of samba against Novel LDAP server. This is the log output from the Novel Ldap server: ---------------------------------------------------------------------------------------------------- New TCP connection 0xcb1e3980, monitor = 0x1bf, index = 2 (0xcb1e3980:0x0001:0x60) DoBind on connection 0xcb1e3980 (0xcb1e3980:0x0001:0x60) DoBind: name =

Hi I got a problem with groupmapping. It doesn't work correct: Wilma2:/home/root # net groupmap list | grep 512 Domain Admins (S-1-5-21-3371203057-3264423045-2392767973-512) -> domadm ldapsearch -x cn=domadm: # domadm, groups, wms-hn.de dn: cn=domadm,ou=groups,dc=my-domain objectClass: posixGroup objectClass: sambaGroupMapping cn: domadm gidNumber: 65669 memberUid: tilo sambaSID:

Dear samba users, I have very strange problem. I have Samba PDC up and running, but only thing is missing. I cannot see any Domain Groups at all. Here is my config: Debian Squeeze: ii samba 2:3.5.6~dfsg-3squeeze8 SMB/CIFS file, print, and login server for Unix ii samba-common 2:3.5.6~dfsg-3squeeze8 common files used by both the Samba

I can NOT find any information on how to get the following into the LDAP tr= ee (and where they should be located) from the documentation. I am definite= ly an LDAP beginner and assembling the tree from reading schema's is still = over my head. I am able to connect to samba using only LDAP authentication = and can add users, but that is all I can successfully do, "net groupmap add=

My apologies if this is off-topic... On a centos6.4 system I installed 389 server from EPEL. It seems to work well enough. However I'm trying to script things, rather than do it via the GUI. So, for example, I want to add a new suffix: #!/bin/ksh -p pswd=$(cat ~/passwd) add() { echo "dn: cn=example,cn=ldbm database,cn=plugins,cn=config changetype: add objectclass:

I am looking at my computer accounts that were created using smbldap-useradd.pl -w workstationname. And I see the following objectClasses: top inetOrgPerson posixAccount sambaSamAccount I understand I need one structural objectClass, but don't understand why inetOrgPerson is being used. Couldn't I use sambaSidEntry instead? sambaSidEntry is structural, and only requires sambaSID.

Hi ! When I create a user with samba-ldap tools, the userRid is calculated if the -x option is set. The userGroupRid is calculated too. But is the groumapping is enabled, the SambaPrimaryGroupSID not correspond with SambaSID of groupmapping Example : Groupe "Domain Users" : gidNumber 100 displayName Domain Users objectClass sambaGroupMapping sambaSID

Hi, I have managed to configure Samba+LDAP+smbldap-tools. Everything works fine, except one strange problem is appearing. When I connect with Windows tool UserManagerForDomains or I want to create a share on a Wndows box I can see the users but no groups. With UserManagerForDomains is see following: Users: All the users Groups: none, just description of Replicators Group and the

Hi all, I have Samba server joined Active Directory domain based on win2008r2, using LDAP as idmap backend. Recently I upgraded from 3.3.x to 3.5.x (Sernet RPMs for Centos4). Now I constantly observe those messages in log: [2011/02/03 09:10:25.696896, 0] winbindd/idmap_ldap.c:1471(idmap_ldap_set_mapping) ldap_set_mapping_internals: Failed to add S-1-5-21-3807515285-1394671770-2144936185-513

When I try to join the wks into samba domain using Administrator account I receive following in logfile: [2003/11/20 10:03:21, 2] rpc_server/srv_samr_nt.c:access_check_samr_object(93) _samr_open_domain: ACCESS DENIED (requested: 0x00000211) [2003/11/20 10:03:21, 2] rpc_server/srv_samr_nt.c:access_check_samr_function(115) _samr_create_user: ACCESS DENIED (granted: 0x00000201; required:

Hello! I'm running Samba 3.0.0 with Openldap 2.1.22. Samba is my PDC and I'm using ldapsam as backend. Nearly everythings works, but I have a public share [tmp] which should be accessible without authentication from all clients even if they are no domain members. I think, my share definition is o.k. in smb.conf but if I click on the Samba server symbol on a client (Microsoft Windows

I'm following along in the Samba 3 By Example.pdf and on Page 190 it has me run: [root@gomer ~]# smbldap-useradd -m -a test2 No such object at /usr/sbin//smbldap_tools.pm line 473. I am running smbldap_tools .0.9.4 and I have ran configure.pm and set it up correctly. The stanza in the code of line 473: # all entries = does_sid_exist($sid,$config{scope}) sub does_sid_exist { my $sid =

I'm trying to iron out all the problems on my PDC. It's setup with a LDAP backend that's replicated to an ldap slave/BDC. Here's the problem: # smbldap-groupshow 'domain admins' dn: cn=Domain Admins,ou=People,dc=strozllc,dc=com objectClass: posixGroup,sambaGroupMapping gidNumber: 512 cn: Domain Admins memberUid: Administrator,root,astanley description: Netbios Domain