[Samba] re:ldap group mapping problems

John H. Mon, 26 Jan 2004 22:28:23 -0800

well, they both have the same sid, for some bizarre reason.

net groupmap list -s /etc/samba/smb.ldap |grep "Admin"
Domain Admins (S-1-5-21-4070452498-3149834983-2923667569-512) -> 512
Administrators (S-1-5-21-4070452498-3149834983-2923667569-544) -> 544
Domain Admins (S-1-5-21-4070452498-3149834983-2923667569-512) -> ntadmin


and see, it has a posixgroup entry?

# LDIF Export for: cn=Domain Power Users,ou=Group,dc=INTRANET
# Generated by phpLDAPadmin on January 26, 2004 11:19 pm
# Server: LROL LDAP Server (127.0.0.1)
# Search Scope: base
# Total entries: 1
 
# Entry 1: cn=Domain Power Users,ou=Group,dc=INTRANET
dn: cn=Domain Power Users,ou=Group,dc=INTRANET
objectClass: posixGroup
gidNumber: 513
cn: Domain Power Users

which I am trying to map to this
# Entry 1: cn=users,ou=Group,dc=INTRANET
dn: cn=users,ou=Group,dc=INTRANET
cn: users
userPassword: {crypt}x
gidNumber: 539
objectClass: top
objectClass: posixGroup
objectClass: phpgwAccount
phpgwAccountStatus: A
phpgwAccountType: g
phpgwAccountExpires: -1

so users in "users" will have, obviously, Domain Power User status on NT machines(this 
is the way I had it setup with smbpasswd






 --- On Mon 01/26, Gerald (Jerry) Carter < [EMAIL PROTECTED] > wrote:
From: Gerald (Jerry) Carter [mailto: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
     Cc: [EMAIL PROTECTED]
Date: Mon, 26 Jan 2004 20:17:28 -0600 (CST)
Subject: Re: [Samba] net: ../../../libraries/liblber/decode.c...

-----BEGIN PGP SIGNED MESSAGE-----<br>Hash: SHA1<br><br>On Mon, 26 Jan 2004, John H. 
wrote:<br><br>> i thought i had, but apparently not, so i did that and this is what 
i<br>> have now(as you can see, there are two entries)<br>><br>> net groupmap list -s 
/etc/samba/smb.ldap<br>> Power Users (S-1-5-21-4070452498-3149834983-2923667569-547) 
-> 547<br>....<br>> is that ok?<br><br>As long as you remember that different SIDs == 
different groups from a<br>Windows client perspective.<br><br>> I wanted to add Domain 
Power users, and did this...<br>><br>><br>> net groupmap add ntgroup="Domain Power 
Users" \<br>>   unixgroup=users \<br>>   
sid=S-1-5-21-4070452498-3149834983-2923667569-1201 \<br>>   -s 
/etc/samba/smb.ldap<br>><br>> adding entry for group Domain Power Users 
failed!<br><br>If you don't have a posixGroup entry in you LDAP Directory, then 
<br>the add will fail.  We don't support mapping an LDAP entry to a <br>local UNIX 
group.  It all has to be in the directory service.<br><
 br><br><br><br><br><br>cheers, jerry<br>-----BEGIN PGP SIGNATURE-----<br>Version: 
GnuPG v1.2.0 (GNU/Linux)<br>Comment: For info see 
http://quantumlab.net/pine_privacy_guard/<br><br>iD8DBQFAFco9IR7qMdg1EfYRApDBAJ9oX0mUUIUx8IJoiSpksenkavdxkgCfRxxG<br>9Aed+P2m4WeKhrPPLgS3qYc=<br>=Wu3d<br>-----END
 PGP SIGNATURE-----<br><br>

_______________________________________________
No banners. No pop-ups. No kidding.
Introducing My Way - http://www.myway.com
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] re:ldap group mapping problems

Reply via email to