Hi, I have a question about sambaGroupType attribute on a Samba 3.2 PDC with LDAP backend (and nss_ldap + nss_winbind).
What should be the value for Administrators builtin group ? If i use smbldap-populate from smbldap-tools, the value of sambaGroupType is 5 (and the LDAP entry for this group is a posixGroup and a sambaGroupMapping). I've also noticed that "wbinfo -g" doesn't list the group. "getent group" displays the group correctly (i guess because of the posixGroup and nss_ldap) but the domain administrator account is not listed in that group (no nested group expand). If i simply start Samba without provisioning the Administrators builtin group in LDAP, Samba automaticaly creates it: dn: sambaSID=S-1-5-32-544,ou=groups,dc=mydomain objectClass: sambaSidEntry objectClass: sambaGroupMapping sambaSID: S-1-5-32-544 sambaGroupType: 4 displayName: Administrators gidNumber: XXXXXX structuralObjectClass: sambaSidEntry sambaSIDList: S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-512 The value of sambaGroupType is 4 (and there is no posixGroup) and "wbinfo -g" list the group as "BUILTIN\administrators". "getent group" works fine (the domain administrator account is listed in the builtin Administrators group). Can anyone explains me what the correct value for sambaGroupType should be in Samba 3.2? I guess "4" but i'm not sure as a lot of people seems to use the smbldap-tools (which said "5"). Another question, is it ok to add a posixAccount object class in a builtin local group. If yes, how to avoid having twice the group entry in "getent group" (one by nss_ldap and one by nss_winbind)? Thanks! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
