OK, found this thread (I googled, I (thought I) checked the list prior to posting, well, well...)
Ray Klassen skrev: > looking at the slapd logging after a 'net rpc list groups' it > locates 57 groups and then queries the sambaSIDList attribute on each > one. (which I said earlier I wasn't set) After which it records > 'bdb_search: no candidates' and thats that... I get the feeling that there are several ways that samba tries to find group members, but using SIDs in sambaSIDList attributes of the group is not anything I have found in any docs (nor have I yet dived into the source to find out...) (If samba actually tries in several ways there might be a chance to use the first method to improve performance? Not that that is on my current list of things to do...) Jeremy Allison skrev: > There was a bug in earlier versions of the smbldap-tools > that creates groups with the wrong sid-type. I'd suggest > upgrading to 3.0.34 (latest 3.0.x release) and then ensuring > the group-type is changed in your LDAP db (I think it should be > type 5, rather than type 4 but this could be the other way > around :-). > > Just trying to get my head around this: group-type 2: domain groups group-type 4: local groups group-type 5: builtin groups Now, I checked well-known SIDs at http://support.microsoft.com/kb/243330 but I really have no clue as to which are domain groups and not, guess I'll have check the latest smbldap-tools The funny thing is that net group list mostly works, but # net rpc -Uadmin -Sserver2 group MEMBERS "Domain Admins" returns CEDERVALL\lpr CEDERVALL\cht CEDERVALL\TGN CEDERVALL\Viktoria CEDERVALL\MLF CEDERVALL\MHG CEDERVALL\lmi CEDERVALL\abg while # net rpc -Uadmin -Sserver2 group ADDMEM "Domain Admins" admin returns Could not add admin to Domain Admins: NT_STATUS_MEMBER_IN_GROUP so the user admin is and is not a member of "Domain Admins" Clues are welcome, I will investigate which groups should be which type in the meantime... -- mvh Christian Huldt 0704612207 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
