[Samba] Samba PDC with groups in LDAP

Thu, 21 Aug 2008 05:07:04 -0700 


Hi All,
I'm wondering if anyone can shed some light on a problem I'm having. 

I have a samba PDC with an LDAP backend, keeping the smb.conf file constant,

When I have /etc/nsswitch.conf configured with

groups: files ldap

Then

/usr/local/samba/bin/net rpc user info dbb

only returns my primary group.

If I have /etc/nsswitch.conf configured with

groups: files nis

Then all my groups are shown when running the same net rpc command.

In both cases,

groups dbb
and
id -a dbb

show all the groups I am a member of,

getent group groupName shows the members of the group and


/usr/local/samba/bin/net groupmap list provides a list of groups (from 
LDAP) eg


Domain Users (S-1-5-21-440367617-1876916578-3462541782-513) -> Domain Users

Domain Guests (S-1-5-21-440367617-1876916578-3462541782-514) -> Domain 
Guests
Domain Computers (S-1-5-21-440367617-1876916578-3462541782-553) -> 
Domain Computers
Domain Vagrants (S-1-5-21-440367617-1876916578-3462541782-554) -> Domain 
Vagrants
Domain Sidekicks (S-1-5-21-440367617-1876916578-3462541782-590) -> 
Domain Sidekicks

Domain Admins (S-1-5-21-440367617-1876916578-3462541782-512) -> domadm

The group objects in LDAP look like

dn: cn=<groupName>,ou=Groups,dc=st-andrews,dc=ac,dc=uk
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: <Number>
cn: <groupName>
memberUid: user1
memberUid: user2
memberUid: ...
description: Some Descriptive Term Here
sambaSID: S-1-5-21-xxx-yyy-zzz-<gidNumber>
sambaGroupType: 2
displayName: Whatever

where S-1-5-21-xxx-yyy-zzz is our domain SID

Watching the ldap logs, when I run net/rpc usr info dbb,


samba looks up all the groups root is in 
(&objectClass=sambaGroupMapping)(gidNumber=...)),
for sambaSID=s-1-5-32-544 and 545, then for a whole bunch of 
sambaSIDLists (I have none setup)

or sambaGroupMapping,sambaGroupType=4


It then looks up my account, searches for my primary group both by its 
gidNumber, then by its

sambaSID, and then it stops.


Is there extra configuration need for looking up groups in ldap? It 
feels like an OS issue but the

OS commands seem to return the correct output.

OS is Solaris 10 sparc.  Samba versions are 3.0.23c and 3.2.1


Thanks,
            Duncan

--
The University of St Andrews is a charity registered in Scotland : No SC013532

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba






















					Reply via email to