OK, I have removed all of my groups from LDAP, downloaded smbldap-tools-0.8.5, and used smbldap-populate to create my groups again.

However, when I add a user to a group, the users still seem not to be "registered" in the group.

This is how I created and added a user to a group.

quigon1:~ # ./smbldap-useradd -a test123
quigon1:~ # ./smbldap-passwd test123
quigon1:~ # ./smbldap-groupmod -m test123 "Domain Admins"

In theory the user should now be a member of both "Domain Users" and "Domain Admins", however....

quigon1:/opt/smbldap-tools-0.8.5 # groups test123
test123 : users

quigon1:/opt/smbldap-tools-0.8.5 # id test123
uid=21690(test123) gid=100(users) groups=100(users)

It doesn't show the user in the domain admin groups, and also says the gid=100 when it's set to 513 in LDAP???...

If I do a lookup on the group... it says the user is in the group.

quigon1:~ # getent group "Domain Users"
Domain Users:x:513:test123

quigon1:~ # getent group "Domain Admins"
Domain Admins:x:512:Administrator,test123

On a different note, how do you go about creating a new group?

The way I think is:

1) Create a new PosixGroup in LDAP
2) quigon1:~ # net groupmap add unixgroup=<group> ntgroup=<group> type=domain

Is this the way?

Regards

Daniel


Paul Gienger wrote:


quigon1:~ # getent groups
Unknown database: groups


Oh yeah, duh... you know, I thought I made a mistake once, but then when I reexamined the situation, it turned out that I didn't... AAAANYWAY

the populate script made this for me:
[fgoserv:tmp]# getent group "Domain Admins"
Domain Admins::512:Administrator,pgienger,smoorhou,rklose,speterso

but I see you have a ntadmin and nothing like the "Domain Users" so I wonder if you used an old version of the script package. I would suggest getting the newest version of the tool package and re-running the populate script.


quigon1:~ # groups ws0dwi
id: cannot find name for group ID 901
quigon1:~ # id ws0dwi
uid=186712(ws0dwi) gid=901 groups=901


This leads me to ask where group 901 is/should be coming from. Did you start making samba groups in LDAP without creating them as posix groups first? The procedure should be to make the group in unix, presumably you should do this in ldap with whatever tool you like (gq, phpldapadmin, bare metal LDIF file input) and then do a groupmapping with a "net groupmap add" command.


Yes, my groups were created using smbldap-populate.pl, but I can't see it being mapped to any UNIX group. Which group should it be mapped to, and how is this done?


Again, this should all be taken care of for you. You should end up with this: (among some others perhaps)

[fgoserv:tmp]# /opt/samba/bin/net groupmap list
Domain Admins (S-1-5-21-112718084-1284083569-2990761952-512) -> Domain Admins
Domain Users (S-1-5-21-112718084-1284083569-2990761952-513) -> Domain Users
Domain Guests (S-1-5-21-112718084-1284083569-2990761952-514) -> Domain Guests
Print Operators (S-1-5-32-550) -> Print Operators
Backup Operators (S-1-5-32-551) -> Backup Operators
Replicators (S-1-5-32-552) -> Replicators
Domain Computers (S-1-5-21-112718084-1284083569-2990761952-515) -> Domain Computers
Administrators (S-1-5-32-544) -> Administrators
Power Users (S-1-5-32-547) -> Power Users




--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Daniel Wilson
Systems Administrator

IT & Communications Service
University of Sunderland
Unit1 Technology Park
Chester Road
Sunderland
SR2 7PT

Tel: 0191 515 2695
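
An added example, not part of the original message: a small Python check that compares the membership listed by `getent group` with what `id` reports for the same account, using the output pasted in the message as input. The function names are this example's own; a mismatch like this matters most for privileged groups such as "Domain Admins", where the directory and the host disagree about who holds the privilege.

```python
import re

# Output copied from the message above (host quigon1, user test123).
GETENT_GROUP = """\
Domain Users:x:513:test123
Domain Admins:x:512:Administrator,test123
"""
ID_OUTPUT = "uid=21690(test123) gid=100(users) groups=100(users)"


def parse_getent_group(text):
    """Map gid -> (name, members) from `getent group` lines (name:pw:gid:members)."""
    groups = {}
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) != 4 or not parts[2].isdigit():
            continue  # skip blank or malformed lines
        name, _pw, gid, members = parts
        groups[int(gid)] = (name, {m for m in members.split(",") if m})
    return groups


def parse_id(text):
    """Return (user, primary_gid, set of all gids) from `id <user>` output."""
    m = re.match(r"uid=\d+\(([^)]*)\)\s+gid=(\d+)", text)
    if not m:
        raise ValueError("unrecognised id output: %r" % text)
    user, primary = m.group(1), int(m.group(2))
    gids = {primary}
    field = re.search(r"groups=(\S.*)$", text)
    if field:  # entries look like 512(Domain Admins) or a bare 901
        gids |= {int(g) for g in re.findall(r"(?:^|,)(\d+)", field.group(1))}
    return user, primary, gids


def missing_memberships(getent_text, id_text):
    """Groups that list the user as a member but that `id` does not report."""
    user, _primary, gids = parse_id(id_text)
    return sorted(
        (gid, name)
        for gid, (name, members) in parse_getent_group(getent_text).items()
        if user in members and gid not in gids
    )


if __name__ == "__main__":
    for gid, name in missing_memberships(GETENT_GROUP, ID_OUTPUT):
        print("member of %s (gid %d) per getent, but absent from id" % (name, gid))
```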
