On Thu, Oct 16, 2008 at 11:32:03AM +0200, Sébastien Prud'homme wrote: > Hi, > > I have a question about sambaGroupType attribute on a Samba 3.2 PDC > with LDAP backend (and nss_ldap + nss_winbind). > > What should be the value for Administrators builtin group ? > > If i use smbldap-populate from smbldap-tools, the value of > sambaGroupType is 5 (and the LDAP entry for this group is a posixGroup > and a sambaGroupMapping). > I've also noticed that "wbinfo -g" doesn't list the group. "getent > group" displays the group correctly (i guess because of the posixGroup > and nss_ldap) but the domain administrator account is not listed in > that group (no nested group expand). > > If i simply start Samba without provisioning the Administrators > builtin group in LDAP, Samba automaticaly creates it: > > dn: sambaSID=S-1-5-32-544,ou=groups,dc=mydomain > objectClass: sambaSidEntry > objectClass: sambaGroupMapping > sambaSID: S-1-5-32-544 > sambaGroupType: 4 > displayName: Administrators > gidNumber: XXXXXX > structuralObjectClass: sambaSidEntry > sambaSIDList: S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-512 > > The value of sambaGroupType is 4 (and there is no posixGroup) and > "wbinfo -g" list the group as "BUILTIN\administrators". "getent group" > works fine (the domain administrator account is listed in the builtin > Administrators group). > > Can anyone explains me what the correct value for sambaGroupType > should be in Samba 3.2? I guess "4" but i'm not sure as a lot of > people seems to use the smbldap-tools (which said "5").
That's a bug in smbldap-tools, I sent them a patch for this. See : https://bugzilla.samba.org/show_bug.cgi?id=5551 for details (and here : https://bugzilla.samba.org/attachment.cgi?id=3369&action=view is the patch for smbldap-tools. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
