Hi all *Context:* I'm trying to use the s4bind scripts ( http://linuxcostablanca.blogspot.com.es/p/s4bind.html)
k5start is running So far, i've succeeded in * modifying (posixifying) the built-in "Domain Users" * adding a user to this group and i can login with this user (ssh), create files that are correctly owned, etc... The user also shows up correcly in ADUC. * retrieving user and group info (for user added in AD, and not existing locally) via getent *Problem: * I'm added a new group *samba-tool group add Leerkrachten* Then i tryied posixifying the group (as i did with the builtin group "Domain Users" *s4bind upgradegroup Leerkrachten 30000* This however gives me ERR: (insufficient access rights) "LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS - <00002098: Object cn=Leerkrachten,cn=Users,DC=stp4,DC=stp,DC=internal has no write property access > <>" on DN cn=Leerkrachten,cn=Users,DC=stp4,DC=stp,DC=internal at block before line 7 Modify failed after processing 0 records It seems that there is no write access to "self" (i seem to remember something from my old openldap setup that is in place on the old samba3 domain) that specified things about "access to blablable by self write". Is there something in the directory component of s4 like this too? and how to specifiy it? Is there a way to list acls on directory objects?) *Extra info* The s4bind script does the following: 1. creates a file (* /tmp/group ) *with the following content: *dn: cn=Leerkrachten,cn=Users,DC=stp4,DC=stp,DC=internal changetype: modify add: objectClass objectClass: posixGroup - add: gidNumber gidNumber: 30000* It then runs the following command * ldbmodify --url=ldap://samba4-3.stp4.stp.internal --kerberos=yes --krb5-ccache=FILE:/tmp/krb5cc_0 /tmp/group* klist shows the following: Ticket cache: FILE:/tmp/krb5cc_0 Default principal: SAMBA4-3$@STP4.STP.INTERNAL Valid starting Expires Service principal 05/20/13 09:34:48 05/20/13 19:34:48 krbtgt/stp4.stp.inter...@stp4.stp.INTERNAL 05/20/13 10:37:42 05/20/13 19:34:48 ldap/samba4-3.stp4.stp.inter...@stp4.stp.INTERNAL thanx in advance ! -- Michael De Groote ICT-coordinator Sint-Pietersschool Korbeek-Lo ICT-support Sancta Maria Basisschool Leuven -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba