Svancara, Randall wrote:
Hello all,
I could not find anything in the discussion groups or documentation
about using LDAP and Unix group mappings.
The documentation states that in order to map unix groups to samba
groups, you need to use the net group add command. However, I have an
LDAP backend and all my groups that I care about are in LDAP.
Yes, it states that, but in all examples a tdbsam backend is used, not ldap.
So I have a group called mainwdev.
dn: cn=test,ou=Group,dc=somewhere,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
sambaSID: S-1-5-21-582185903-2148186938-2210701745-801
sambaGroupType: 2
objectClass: top
cn: test
gidNumber: 801
memberUid: user1
memberUid: user2
memberUid: user3
memberUid: user4
memberUid: user5
memberUid: user6
Now, if I run "net groupmap list", I can see the group mapping as
follows.
test (S-1-5-21-582185903-2148186938-2210701745-801) -> test
But when I attempt to log onto a share that only allows anyone that
belongs to the group test (say user1), I get permission denied errors.
It should be another problem not related to group mapping.
Do I still have to run "net group map" command to establish a
relationship between unix and samba groups?
No. When using ldap, the objectClass sambaGroupMapping represents the
relationship of the UNIX and NT groups (that in ldap are stored normally
in the same dn, and almost all tools create the accounts that way by
default).
You can use "net groupmap" with ldap when you have UNIX and NT groups in
different places (let's suppose that you have a container for UNIX groups
and another for NT groups), and it works, but normally nobody creates
groups that way unless they have a good reason.
Randall
Regards.
Edmundo Valle Neto
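
An added example, not part of the original thread: one way to confirm from an LDIF export that a group entry carries the mapping described in the reply (posixGroup plus sambaGroupMapping with gidNumber, sambaSID and sambaGroupType in the same dn) and that a given user is listed in memberUid. The function names and the second sample entry are hypothetical, and the parser assumes plain LDIF with no folded or base64 ("::") lines.

```python
import re

# Constructed sample input: the first entry follows the one quoted in the thread,
# the second is a hypothetical UNIX-only group with no Samba mapping.
SAMPLE_LDIF = """\
dn: cn=test,ou=Group,dc=somewhere,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
sambaSID: S-1-5-21-582185903-2148186938-2210701745-801
sambaGroupType: 2
gidNumber: 801
memberUid: user1

dn: cn=unixonly,ou=Group,dc=somewhere,dc=com
objectClass: posixGroup
gidNumber: 802
memberUid: user1
"""

SID_RE = re.compile(r"^S-1-\d+(-\d+)+$")

def parse_ldif(text):
    """Split unfolded LDIF into a list of {attribute (lowercased): [values]} dicts."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(": ")
            if sep and not line.startswith("#"):
                entry.setdefault(attr.lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def mapping_problems(entry):
    """Return reasons the entry cannot serve as a UNIX<->NT group mapping ([] if none)."""
    classes = {c.lower() for c in entry.get("objectclass", [])}
    problems = [f"missing objectClass {oc}"
                for oc in ("posixGroup", "sambaGroupMapping") if oc.lower() not in classes]
    if problems:
        return problems
    if not entry.get("gidnumber", [""])[0].isdigit():
        problems.append("gidNumber missing or not numeric")
    if not SID_RE.match(entry.get("sambasid", [""])[0]):
        problems.append("sambaSID missing or malformed")
    if entry.get("sambagrouptype", [""])[0] not in ("2", "4", "5"):
        problems.append("sambaGroupType is not 2 (domain), 4 (local) or 5 (builtin)")
    return problems

def is_member(entry, uid):
    return uid in entry.get("memberuid", [])  # memberUid is matched case-sensitively
```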