Am Mittwoch, 11. März 2009 15:38 schrieb BOURIAUD: > On Wednesday 11 March 2009 14:51:25 Harry Jede wrote: > > Hello ! > First of all, thanks for your answer, even if it doesn't help much. > > > First things first: Read the f... manual > > That's what I did, after I made my mistake. > > > - you should not have 2 groups with the same gidNumber > > Forgive me if my question was not asked correctly. So I will try to > make it clearer : which gid should I change then ? The one from the > unix group or the one of the samba group ? Are there rules to do so > (I mean reserved numbers, limits for the gid, things like this) ? You can only have ONE group with ONE gidNumber.
BAD SETUP begin: dn: cn=cdti,ou=Group,BASEDN objectClass: posixGroup objectClass: top cn: cdti userPassword: {crypt}x gidNumber: 666 Here is how the samba group is defined : dn: cn=CDTI,ou=Groups,BASEDN objectClass: top objectClass: posixGroup objectClass: sambaGroupMapping cn: CDTI description:: Q2VudHJlIGTDqXBhcnRlbWVudGFsIGRlIHRyYWl0ZW1lbnQgZGUgbCdpbmZvcm 1hdGlvbg== sambaGroupType: 2 memberUid: david gidNumber: 666 sambaSID: S-1-5-21-215069222-2822928016-2390355089-666 BAD SETUP end: Combine these in a way, that you have only one group with the name cdti. for example: delete cn=cdti,ou=Group,BASEDN and it may be fine. You should not have different groups with the same name, even if one is in uppercase and the other in lowercase letters. You should not have identical names in your LDAP database across the following fields: cn, uid and displayName for more then one record. Example: dn: uid=john,ou=... uid=john displayname=john That is OK ###### dn: uid=john,ou=A,ou... uid=john displayname=john dn: uid=john,ou=B,ou=... uid=johnB displayname=john That's bad. ###### dn: uid=john,ou=A,ou... uid=john displayname=john dn: cn=john,ou=groups,ou... cn=john That's also bad. > > > - sambaLMPassword & sambaNTPassword do not hold the password in > > ascii, both must contain password hashes > > I hope you were joking. I said I obfuscated what had no point with > the question, and password hashes were replaced with "PLOP" in my > previous mail ;-) Sorry, I do not now "PLOP". > > Go back, and take some time to read the docs > > That's what I keep doing, anyway. > > Thanks for your answer and have a nice day. > > > -- > > > > Gruss > > Harry Jede -- Gruss Harry Jede -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba