On Wed, Oct 14, 2009 at 19:20, Thierry Lacoste < [email protected]> wrote:
> > On 14 oct. 09, at 18:36, Gaiseric Vandal wrote: > > I supposed it depends if Samba is configured to automatically create the >> underlying unix accounts when you create samba accounts. My setup doesn't. >> I created a "user" account in ldap for my BDC. (the unix passwd shd be >> *LK* and the shell shd be /bin/false) Running "net rpc join" will then add >> the appropriate samba attributes. >> >> I think you also need to grab the domain SID >> >> BDC# net rpc getsid >> Password: >> Storing SID S-...1234 for Domain MYDOMAIN in secrets.tdb >> # >> >> >> However, I am not sure the domainsid for the machine is meant to match the >> domainsid of the domain. On my PDC, they match. On the BDC, they don't. >> I am not sure if I need to change that. >> > They shoul match (see e.g. > http://lists.samba.org/archive/samba/2007-August/134734.html). > > group mappings do NOT seem to be stored in ldap. So you either need to >> copy the approp tdb file over or run the identical net group map commands on >> the BDC. >> > Group mappings should be stored in LDAP. > This is the purpose of the sambaGroupMapping auxiliary objectClass which > extends the posixGroup structural objectClass in a typical samba/ldap > implementation. > Thanx a lot, Thierry, you've helped me a lot... Is there a communication channel (other than this list, given that the samba-docs list is long gone) for commenting on the documentation itself? I don't think my stumbling abouts are only because of my particular kind of foolishness and maybe a couple more notes at the bottom of http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-bdc.html#id2568624might help other people (those with my /general/ kind of foolishness :-P ). Regards and thanx again -- Mariano Absatz - El Baby www.clueless.com.ar -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
