(itacs). I also want to be a member of domain admins, so i add another memberUid = ws0dwi in the domain admin group in LDAP, my
if you do getent groups
does your domain admin group show up? Of course you could always restart nscd if you haven't, just to make sure you're not geting into a cache issue.
Making some assumptions on what you said, it sounds like your Domain Admins groups isnt mapped to a valid UNIX group, which it must be. If you're running samba in the traditional LDAP sense with smbldap-tools, the smbldap-populate script would have done this for you.
Paul Gienger wrote:
every user is added to the group, but i cant seem to find a way for a user to be part of multiple groups, sambaPrimaryGroupSID isnt multi-valued, neither is gidNumber. Is there any way around this, has anybody have sugesstions?
Bone up on your UNIX group membership theory. Every user has a primary group that is specified in their user account. Secondary groups are applied 'backwards' to that setup. That means that users are added to the group's entry in wherever that group is defined (/etc/group, ou=Groups in a 'standard' LDAP DIT. You can have many many user entries in each group (up to like 1024 characters long for the list I believe) and the user can be both specified in the group object and have their primary group as that group without causing issues.
There are a couple of commands that come in handy once you start setting up secondary group memberships, and they work differently on different os's. groups <username> and id <username> give interesting output:
[EMAIL PROTECTED] log]# id pgienger
uid=2266(pgienger) gid=2028(itserv) groups=2028(itserv),3000(applied),2027(itadmin),2081(office),2082(projects),512(Domain Admins)
[EMAIL PROTECTED] log]# groups pgienger
pgienger : itserv applied itadmin office projects Domain Admins
-- -- Paul Gienger Office: 701-281-1884 Applied Engineering Inc. Systems Architect Fax: 701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED]
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
