Se da un samba3 PDC cu ldap , pam si nss . Distributia este un debian 3 woody, ldap, pam ,nss instalate cu apt-get, numa samba 3 pus din surse. Totu merge bine si frumos, parolele se sincronizeaza intre linux si windos(adica samba). Astazi am schimbat domeniul serverului de samba, am pus domain master = no , am dat join in alt domeniu si am dat un net rpc vampire ca sa copiez toti userii de pe acel PDC (fiind un win2k) . Inregistrarile au fost adaugate in ldap, am schimbat domeiul laloc pe serverul samba. Problema este ca nu pot folosi nici unul din conturile importate. Nu merge sa dau net groupmap modify
scorpius:~# /usr/local/samba/bin/net groupmap modify ntgroup='Domain Users' unixgroup=users net: /build/buildd/openldap2-2.0.23/libraries/liblber/decode.c:500: ber_scanf: Assertion `(( ber )->ber_opts.lbo_valid==0x2)' failed. Aborted iar pe un alt grup da si cu totu alta eroare scorpius:~# /usr/local/samba/bin/net groupmap modify ntgroup='Domain Admins' unixgroup=root [2003/10/08 10:43:38, 0] passdb/pdb_ldap.c:ldapsam_update_group_mapping_entry(1954) ldapsam_update_group_mapping_entry: No group to modify! Could not update group database dar aceste grupuri exista (cel putin asa par) scorpius:~# /usr/local/samba/bin/net groupmap list Users (S-1-5-32-545) -> users Domain Admins (S-1-5-21-682003330-616249376-1417001333-512) -> Domain Admins Domain Users (S-1-5-21-682003330-616249376-1417001333-513) -> Domain Users Domain Guests (S-1-5-21-682003330-616249376-1417001333-514) -> Domain Guests Administrators (S-1-5-32-544) -> Administrators Guests (S-1-5-32-546) -> Guests Account Operators (S-1-5-32-548) -> Account Operators Server Operators (S-1-5-32-549) -> Server Operators Print Operators (S-1-5-32-550) -> Print Operators Backup Operators (S-1-5-32-551) -> Backup Operators Replicator (S-1-5-32-552) -> Replicator Domain Computers (S-1-5-21-682003330-616249376-1417001333-515) -> Domain Computers Cred ca problema este generata de SID-uri ,se pare ca cele de pe win2k nu au fost convertite, are cineva vreo idee ? Nu pot reface conturile (sunt peste 1000), deci e musai sa le import din PDC-ul de win2k Multumesc -- Permission to live...DENIED! --- Detalii despre listele noastre de mail: http://www.lug.ro/
