Craig White <[EMAIL PROTECTED]> a écrit: >On Fri, 2006-03-17 at 16:14 -0500, Daniel Tousignant wrote: >> Craig White <[EMAIL PROTECTED]> a écrit: >> >On Fri, 2006-03-17 at 15:08 -0500, Daniel Tousignant wrote: >> >> The objectclass sambaSAMAccount and subsequent fields have been >> >> created. We are using the standard perl script tools that are >installed >> >> with >> >> the mandriva 2006 distro (samba 3.0.13 and openldap 2.3.6). >> >> What I really do not understand is that if I put a user in the >standard >> >> ldap >> >> group "Domain Admins" (gid=512), the user is able to logon to the >> >domain, >> >> but not >> >> when it is in the "Domain Users" group (gid=513). What is the big >> >> difference for Samba >> >> between the two's ? Can it be an ACL problems ? >> >---- >> >not very likely to be an ACL problem. >> > >> >net groupmap list|grep Domain >> >> Domain Users (S-1-5-21-3194588850-3670737847-3710085093-513) -> Domain >> Users >> Domain Guests (S-1-5-21-3194588850-3670737847-3710085093-514) -> Domain >> Guests >> Domain Admins (S-1-5-21-3194588850-3670737847-3710085093-512) -> Domain >> Admins >> Domain Machines (S-1-5-21-3194588850-3670737847-3710085093-515) -> >Domain >> Machines >> > >> > >> >net getlocalsid >> >> [2006/03/17 16:09:20, 0] utils/net.c:net_getlocalsid(494) >> Can't fetch domain SID for name: HIPPOLYTE >---- >this is a MAJOR problem...it should look like > >dn: sambaDomainName=EXAMPLE,dc=example,dc=net >sambaAlgorithmicRidBase: 1000 >structuralObjectClass: sambaDomain >objectClass: sambaDomain >objectClass: sambaUnixIdPool >sambaSID: S-1-5-21-89274850-471284788-6498272 >sambaDomainName: EXAMPLE >gidNumber: 1021 >uidNumber: 1095 > >and should have been created either by hand or by idealx 'populate' >script if you followed someones directions somewhere. > >Craig
Here is what I have now : [EMAIL PROTECTED] openldap]# net groupmap list | grep Domain Domain Users (S-1-5-21-3194588850-3670737847-3710085093-513) -> Domain Users Domain Guests (S-1-5-21-3194588850-3670737847-3710085093-514) -> Domain Guests Domain Admins (S-1-5-21-3194588850-3670737847-3710085093-512) -> Domain Admins Domain Machines (S-1-5-21-3194588850-3670737847-3710085093-515) -> Domain Machines [EMAIL PROTECTED] openldap]# net getlocalsid SID for domain HIPPOLYTE is: S-1-5-21-3194588850-3670737847-3710085093 ... but I still cannot join an xp workstation to the domain, and a domain user on windows 98 cannot logon to the domain, althought a domain admin can. By the way, HIPPOLYTE is the name of the server; the domain name is INTAIR. Why is the command "net getlocalsid" returning "SID for domain HIPPOLYTE" Daniel Tousignant Support informatique Intair Transit Courriel : [EMAIL PROTECTED] Telephone : (514) 286-8515 poste 3326 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
