thanks for responding. scroll down for response.... On Fri, 2003-12-12 at 03:25, Beast wrote: > Friday, December 12, 2003, 6:17:30 AM, John wrote: > > >> > >> I don't understand why it is like this... > >> > >> Fabien > >> > > > are you suggesting this may be a problem with samba3? because i've been > > trying to resolve this issue for several days now, thinking there must > > be a problem with our ldap setup. somehow, it seems strange that this > > could be a problem with samba. we thought that perhaps samba didn't like > > something in our ldap. surely others are able to get the ntgroups to > > show correctly with ldapsam as the first backend....otherwise, no one > > would have a working samba3/ldap setup. > > > putting tdpsam as the first backend allows for ntgroups, but since we > > don't use it, none of our profiles load if we do this. users get stuck > > with temp profiles. > > > this is driving me bonkers:-) > > Hi, > > 1. you must create group mapping manually. > 2. unix group you've assigning to "Domain Admins" MUST be in ldap (not > in /etc/group).
the unix group *does* exist in ldap. i've attempted groupmapping with the correct syntax, and always get something like this: 2003/12/12 11:22:01, 4] passdb/pdb_ldap.c:ldapsam_getgroup(1769) ldapsam_getgroup: Did not find group [2003/12/12 11:22:01, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1624) ldapsam_search_one_group: searching for:[(&(objectClass=posixGroup)(gidNumber=600))] adding entry for group Domain Admins failed! [2003/12/12 11:22:01, 2] utils/net.c:main(758) return code = -1 unfortunately, i'm no further ahead. your suggestion is much appreciated, though. thank you. --john > > ie. > > root# net groupmap modify rid=512 -d1 ntgroup="Domain Admins" > unixgroup=domadmin > > the domadmin group must be stored in ldap, not /etc/group. > > > i found lot of typo or incorrect info in smb howto collection, i've > ordering the printable version on amazon, hopefully it has different > content than the online version. > > > --john > > > > > --beast > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
