"Dr. Hansjoerg Maurer" wrote:
>
> Hi,
>
> I installed samba 2.2.6 as pdc with openldap 2.0.23 and most things are
> working.
> Thanks for your great work.
> But I have a few technical questions about details, which I am not sure
> about and a few problems with usrmgr.exe
>
> I took the samba.schema included in 2.2.6 and the ldif from IDEALIX.
> Then I had many Groups in Ldap (Domain Admins, Domain Users etc)
> With the ldif from above, these groups e.g. the Domain Admin group had
> gid's of about 200 to 220.
> I changed it to 512,513 ... because I have heard, that this is the GID
> of Domain Admin, Domain Users ... (I have no posix Unix group in
> /etc/group with this ID).
> Same with Domain Users (513) Domain guest (514).
> Are these changes necessary?
> Do I need Unix groups with this GID?

Don't confuse RIDs (an NT concept, and shared between all users and all groups) with unix uids and gids.

> Next question:
> What is the correct primaryGroupID of a Domain-User? 513 or
> 2*gidNumber(Unix)+1001 ?

LDAP in HEAD allows you to specify a fixed RID for a user/group, but otherwise it uses that algorithm. The 'well known' users/groups need to keep their 'well known' rids.

> If I want a User to be a Domain Admin can I just put him in the Domain
> Admin Group in ldap?
> I have
> domain admin group = " @"Domain Admins" "
> in smb.conf
> Is an /etc/group entry necessary for this?
> (Background the Server has the Unix groups in ldap too)
>
> Apart from these questions I have some problems with usrmgr.exe, which
> are not serious.
> But I just want to know, if these are limitations or if I did something
> wrong.
> First of all, usrmgr is able to show all values in ldap (great).
> If I edit a real name of an user, it works.
> But after saving the changes, I get a message on the windows side:
> "The following error changing properties of user maurer occurred: group
> name could not be found" (translated from german)
> But the changes are submitted to ldap correctly.
>
> When I edit the properties of an user (eg real name), during the
> save values of logofftime, kickofftime,pwdmustchange are changed from
> 2147483647 to 0
> From this point on, I am unable to change the pwdmustchange settings
> with usrmgr.
> I have to insert a value greater 2000000000 into ldap by hand, to
> deactivate pwdmustchange.

The issues with LDAP and usrmgr are fixed in current HEAD, and should be merged in to 3.0 shortly. For once usrmgr actually works pretty well!

Andrew Bartlett

--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net
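
The RID/gid distinction discussed in this thread, as an added example that is not part of the original message and is not Samba's own code. It assumes a group's RID is a fixed value when one is stored and 2*gidNumber+1001 otherwise; the dict keys, the sample entries and the user formula 2*uidNumber+1000 are assumptions not taken from the thread.

```python
# Well-known domain group RIDs named in the thread.
WELL_KNOWN_GROUP_RIDS = {"Domain Admins": 512, "Domain Users": 513, "Domain Guests": 514}
RID_BASE = 1000  # assumed algorithmic base, consistent with the +1001 in the thread

def group_rid(gid_number):
    """Algorithmic group RID: 2*gidNumber + 1001 (always odd)."""
    return 2 * gid_number + RID_BASE + 1

def user_rid(uid_number):
    """Algorithmic user RID: 2*uidNumber + 1000 (always even). Assumed convention."""
    return 2 * uid_number + RID_BASE

def rid_to_unix(rid):
    """Invert the algorithm: ('user'|'group', unix id), or None for RIDs below
    the base, which are fixed/well-known and carry no unix id."""
    if rid < RID_BASE:
        return None
    kind = "group" if (rid - RID_BASE) % 2 else "user"
    return kind, (rid - RID_BASE) // 2

def audit_groups(groups):
    """groups: dicts with 'cn', 'gidNumber' and an optional fixed 'rid'
    (hypothetical field names). Returns (cn, effective_rid, finding) tuples."""
    report = []
    for g in groups:
        rid = g.get("rid", group_rid(g["gidNumber"]))
        expected = WELL_KNOWN_GROUP_RIDS.get(g["cn"])
        if expected is not None and rid != expected:
            finding = f"well-known group resolves to RID {rid}, expected {expected}"
        elif expected is None and rid in WELL_KNOWN_GROUP_RIDS.values():
            finding = "ordinary group holds a well-known RID"
        else:
            finding = "ok"
        report.append((g["cn"], rid, finding))
    return report

# Constructed sample entries, not taken from the poster's directory.
SAMPLE = [
    {"cn": "Domain Admins", "gidNumber": 512},             # gid set to 512, no fixed RID
    {"cn": "Domain Users", "gidNumber": 201, "rid": 513},  # fixed RID, arbitrary gid
    {"cn": "staff", "gidNumber": 100},
    {"cn": "helpdesk", "gidNumber": 300, "rid": 512},      # would carry Domain Admins' RID
]

if __name__ == "__main__":
    for row in audit_groups(SAMPLE):
        print(row)
```

Setting gidNumber to 512 does not by itself yield RID 512 under the algorithm, while any group that stores RID 512 is worth reviewing because that RID identifies Domain Admins.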
