On Thu, 6 May 2004, Stephen Touset wrote: > Currently, my company is trying to deploy a Samba 3.0 server with an > LDAP back end, for domain authentication. Everything's going extremely > well so far except for one facet: net groupmap doesn't seem to play well > with LDAP. I can make the mappings just fine: > > hank:/var# net groupmap list > Domain Users (S-1-5-21-616220168-3974143565-3883354751-513) -> users > Domain Admins (S-1-5-21-616220168-3974143565-3883354751-512) -> wheel > > However, when it comes to actually giving these users the permissions, > it isn't done. Members of wheel aren't given Administrative privilege on > Domain Member machines. And I can't seem to figure out if there's a way > to view the membership of a group through Windows dialogs, so I can > verify whether or not the correct users are indeed members. > > Has anyone else had a problem similar to this, or can give me pointers > as to where to proceed from here? > >
You need to ensure that the unix group memberships are correct on the domain controller (ie 'groups $user'). Especially since you are re-using pre-existing unix groups (which can cause confusion on the part of the nss service if the groups exist both in local files and in LDAP). I would suggest that you use new unix groups (or be very careful with your nss set up etc). Regards, Buchan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
