Etienne, Please refer to the "Samba-3 by Example" book Chapters 5 and 6 for detailed worked examples of how to use Samba-3 with LDAP. You can download the latest version of this book from: http://www.samba.org/samba/docs/Samba-Guide.pdf
When you have it all figured out, please send me your patches to help make the Samba-HOWTO-Collection much clearer. We very much appreciate user contributions as we believe that the knowledge of the masses makes Samba a better proposition. I apologize for any lack of clarity in the Samba-HOWTO-Collection - but do point out that it is a "green" document. This means it is constantly updated, either as I receive tips, suggestions - and in particular contributions. The latest version can be found on the Samba web site as: http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf I look forward to your assistance to make Samba a better product. Cheers, John T. On Tuesday 09 November 2004 11:37, Etienne Goyer wrote: > Hi, > > Two questions regarding the use of group map combined with ldapsam. > > First, the Official HOWTO is relatively unclear about what need to be > done wrt to group map when using ldapsam. It state it is the > responsability of the admin to add the group map to the ldap backend, > but nothing else. What need to be in an LDAP groupmap object ? I tried > the following LDIF, and it seem to work using "net groupmap list" : > > # Domain Users, Group, domain.com > dn: displayName=Domain Users,ou=Group,dc=domain,dc=com > objectClass: sambaSidEntry > objectClass: sambaGroupMapping > gidNumber: 100 > description: Netbios Domain Users > sambaSID: S-1-5-21-3952100455-2014430628-1234567890-513 > sambaGroupType: 2 > displayName: Domain Users > > Notice that the object is not of objectClass posixAccount. Also not > that the gidNumber is the one of the "users" group, defined in > /etc/group. Similarly, I want to map the "Domain Guests" group to Unix > group nobody, and "Domain Admins" to group root. Are there implication > I should be aware of ? Any better way to achieve similar results ? > > > Also, I can list group map with "net groupmap list", but I fail to add > any groupmap. Example : > > [EMAIL PROTECTED] root]# net groupmap add ntgroup=blah unixgroup=wheel > No rid or sid specified, choosing algorithmic mapping > adding entry for group blah failed! > > Logs are silent. How come ? Are we supposed to managed the group map > at the LDAP level, and forego the use of "net groupmap" for this purpose? > > Thanks very much for your input ! > > Etienne Goyer -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba