RE: [Samba] Group Mapping Problems with Samba 3.0.2a OpenLDAP 2.2.6
Hi Clint,

Actually just your comment in there that I didn't have an LDAP group suffix set in my smb.conf file solved my problem, turns out that I needed to set my user, group, and machine suffixes in order for it to work properly, so I just added/modified the following lines:

    ldap suffix = dc=ana,dc=mercyships,dc=org
    ldap user suffix = ou=MSAN
    ldap group suffix = ou=MSAN_G
    ldap machine suffix = ou=MSAN_C

and now it works great. Thanks for the help!

Chris

Chris Slack
IT System Administrator
Mercy Ships
M/V Anastasis - Currently docked in Freetown, Sierra Leone, West Africa
www.mercyships.org

-----Original Message-----
From: Clint Sharp [mailto:[EMAIL PROTECTED]
Sent: 15 March 2004 21:52
To: Chris Slack
Cc: [EMAIL PROTECTED]
Subject: Re: [Samba] Group Mapping Problems with Samba 3.0.2a OpenLDAP 2.2.6

On Mon, 15 Mar 2004, Chris Slack wrote:

> Hello all,
>
> I am attempting to set up a Samba 3.0.2a based PDC using OpenLDAP 2.2.6 for my user/group authentication backend. So far everything seems to be working properly, I can join the domain from a Win2k PC, login via an account created with smbldap-useradd.pl, map my home directory, run the proper login script, etc. However, with all of that working I'm still having difficulties getting group mapping to work. I've run through the steps in the Samba HOWTO manual and tried everything else I could find on the web but I'm stumped at this point.
>
> When I type:
>
>     net groupmap list
>
> I get nothing, when I type:
>
>     net groupmap add rid=512 ntgroup="Domain Admins" unixgroup="Domain Admins"
>
> I get the message "adding entry for group Domain Admins failed!". I've tried several permutations of this using different groups, I've tried adding groups to the local /etc/group file to see if it was having an issue with LDAP, but nothing seems to help. I can't seem to find anyone else who has had this problem and like I said, everything else is working fine.
>
> Attached to the bottom of this message is a dump from testparm with the details of my /etc/samba/smb.conf file.
>
> Please let me know if anyone can give me any suggestions.
>
> Thanks,
>
> Chris Slack
> IT System Administrator
> Mercy Ships
> M/V Anastasis - Currently docked in Freetown, Sierra Leone, West Africa
> www.mercyships.org

Chris,

What do your LDAP logs show samba is sending as the queries? In the past when I've had this problem it was related to my ldap suffix. User queries worked, but group queries did not (I had groups in a separate ou from users). However, your user and group suffixes are not set in your smb.conf, so it's not the exact same problem I had. Please send me the output from a:

    net -d3 groupmap list

Clint

--
To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
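
The suffix behaviour behind the fix reported above, as an added example that is not part of any message in this thread: per smb.conf(5), "ldap user suffix", "ldap group suffix" and "ldap machine suffix" are partial DNs prepended to "ldap suffix", and an unset one falls back to "ldap suffix" itself. The function names are hypothetical and the group DN is constructed, assuming group entries are stored under ou=MSAN_G as the corrected settings imply.

```python
# Added example: models smb.conf suffix composition; it is not Samba's code.

def parse_global(conf_text):
    """Return the [global] parameters of an smb.conf / testparm dump."""
    params, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # Fold case and collapse runs of whitespace in parameter names.
            params[" ".join(key.lower().split())] = value.strip()
    return params

def effective_bases(params):
    """Prepend each partial suffix to 'ldap suffix'; unset means 'ldap suffix'."""
    root = params["ldap suffix"]
    bases = {}
    for kind in ("user", "group", "machine"):
        partial = params.get(f"ldap {kind} suffix", "")
        bases[kind] = f"{partial},{root}" if partial else root
    return bases

def under_base(dn, base):
    """True if dn sits in the subtree of base (RDN-wise, no escaped commas)."""
    d = [rdn.strip().lower() for rdn in dn.split(",")]
    b = [rdn.strip().lower() for rdn in base.split(",")]
    return len(d) >= len(b) and d[-len(b):] == b

# Settings from the original post and from the fix reported in the thread.
BEFORE = "[global]\nldap suffix = ou=MSAN,dc=ana,dc=mercyships,dc=org\n"
AFTER = """[global]
ldap suffix = dc=ana,dc=mercyships,dc=org
ldap user suffix = ou=MSAN
ldap group suffix = ou=MSAN_G
ldap machine suffix = ou=MSAN_C
"""
# Constructed DN: assumes groups are stored under ou=MSAN_G.
GROUP_DN = "cn=Domain Admins,ou=MSAN_G,dc=ana,dc=mercyships,dc=org"

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        bases = effective_bases(parse_global(conf))
        print(label, bases, "group entry in group base:",
              under_base(GROUP_DN, bases["group"]))
```

The user base comes out identical before and after, which is consistent with logins working throughout while group mapping did not.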
Re: [Samba] Group Mapping Problems with Samba 3.0.2a OpenLDAP 2.2.6
Hi,

Didn't you forget to create a posixGroup entry for the group you're trying to add?

1 - Create your group in /etc/group:

    groupadd somegroup

2 - Add this entry to your LDAP directory:

    dn: cn=somegroup,ou=Groups,dc=domain,dc=com
    objectClass: posixGroup
    cn: somegroup
    gidNumber: 1003

(modify the dn and gid to match your needs...)

Once this entry is added, you should be able to map somegroup to any Windows group...

Good luck,

Ganaël LAPLANCHE
[EMAIL PROTECTED]
http://www.martymac.com
Tel : (+33)6.84.03.57.24.

---------- Original Message -----------
From: Chris Slack [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Mon, 15 Mar 2004 13:58:34 -
Subject: [Samba] Group Mapping Problems with Samba 3.0.2a OpenLDAP 2.2.6

Hello all,

I am attempting to set up a Samba 3.0.2a based PDC using OpenLDAP 2.2.6 for my user/group authentication backend. So far everything seems to be working properly, I can join the domain from a Win2k PC, login via an account created with smbldap-useradd.pl, map my home directory, run the proper login script, etc. However, with all of that working I'm still having difficulties getting group mapping to work. I've run through the steps in the Samba HOWTO manual and tried everything else I could find on the web but I'm stumped at this point.

When I type:

    net groupmap list

I get nothing, when I type:

    net groupmap add rid=512 ntgroup="Domain Admins" unixgroup="Domain Admins"

I get the message "adding entry for group Domain Admins failed!". I've tried several permutations of this using different groups, I've tried adding groups to the local /etc/group file to see if it was having an issue with LDAP, but nothing seems to help. I can't seem to find anyone else who has had this problem and like I said, everything else is working fine.

Attached to the bottom of this message is a dump from testparm with the details of my /etc/samba/smb.conf file.

Please let me know if anyone can give me any suggestions.

Thanks,

Chris Slack
IT System Administrator
Mercy Ships
M/V Anastasis - Currently docked in Freetown, Sierra Leone, West Africa
www.mercyships.org

[EMAIL PROTECTED] /etc]# testparm
Load smb config files from /etc/samba/smb.conf
Processing section [homes]
Processing section [nobody]
Processing section [netlogon]
Processing section [Profiles]
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

# Global parameters
[global]
    workgroup = CHANNEL
    server string = Samba Server
    null passwords = Yes
    passdb backend = ldapsam:ldap://127.0.0.1/
    passwd program = /usr/local/sbin/smbldap-passwd.pl -o %u
    passwd chat = *New*password* %n\n *ReType*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
    unix password sync = Yes
    log file = /var/log/samba/log.%m
    max log size = 50
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    add user script = /usr/local/sbin/smbldap-useradd.pl -m -d /dev/null -g 553 -s /bin/false %u
    add machine script = /usr/local/sbin/smbldap-useradd.pl -m -d /dev/null -g 553 -s /bin/false %u
    logon script = login.js
    logon path = \\%L\Profiles\%U
    logon drive = X:
    domain logons = Yes
    os level = 64
    preferred master = Yes
    domain master = Yes
    dns proxy = No
    wins support = Yes
    ldap port = 389
    ldap suffix = ou=MSAN,dc=ana,dc=mercyships,dc=org
    ldap admin dn = cn=Manager,dc=ana,dc=mercyships,dc=org
    ldap ssl = no

[homes]
    comment = Home Directories
    read only = No
    browseable = No

[nobody]
    comment = to prevent from user nobody from having a home share
    path = /dev/null
    browseable = No

[netlogon]
    comment = Network Logon Service
    path = /msu/netlogon
    browseable = No
    share modes = No
    root preexec = /usr/local/bin/mkuserconfig.pl %U
    root postexec = rm /msu/netlogon/%U.conf

[Profiles]
    path = /msu1/Profiles
    read only = No
    create mask = 0600
    directory mask = 0700
    guest ok = Yes
    browseable = No

------- End of Original Message -------
[Samba] Group Mapping Problems with Samba 3.0.2a OpenLDAP 2.2.6
Hello all,

I am attempting to set up a Samba 3.0.2a based PDC using OpenLDAP 2.2.6 for my user/group authentication backend. So far everything seems to be working properly, I can join the domain from a Win2k PC, login via an account created with smbldap-useradd.pl, map my home directory, run the proper login script, etc. However, with all of that working I'm still having difficulties getting group mapping to work. I've run through the steps in the Samba HOWTO manual and tried everything else I could find on the web but I'm stumped at this point.

When I type:

    net groupmap list

I get nothing, when I type:

    net groupmap add rid=512 ntgroup="Domain Admins" unixgroup="Domain Admins"

I get the message "adding entry for group Domain Admins failed!". I've tried several permutations of this using different groups, I've tried adding groups to the local /etc/group file to see if it was having an issue with LDAP, but nothing seems to help. I can't seem to find anyone else who has had this problem and like I said, everything else is working fine.

Attached to the bottom of this message is a dump from testparm with the details of my /etc/samba/smb.conf file.

Please let me know if anyone can give me any suggestions.

Thanks,

Chris Slack
IT System Administrator
Mercy Ships
M/V Anastasis - Currently docked in Freetown, Sierra Leone, West Africa
www.mercyships.org

[EMAIL PROTECTED] /etc]# testparm
Load smb config files from /etc/samba/smb.conf
Processing section [homes]
Processing section [nobody]
Processing section [netlogon]
Processing section [Profiles]
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

# Global parameters
[global]
    workgroup = CHANNEL
    server string = Samba Server
    null passwords = Yes
    passdb backend = ldapsam:ldap://127.0.0.1/
    passwd program = /usr/local/sbin/smbldap-passwd.pl -o %u
    passwd chat = *New*password* %n\n *ReType*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
    unix password sync = Yes
    log file = /var/log/samba/log.%m
    max log size = 50
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    add user script = /usr/local/sbin/smbldap-useradd.pl -m -d /dev/null -g 553 -s /bin/false %u
    add machine script = /usr/local/sbin/smbldap-useradd.pl -m -d /dev/null -g 553 -s /bin/false %u
    logon script = login.js
    logon path = \\%L\Profiles\%U
    logon drive = X:
    domain logons = Yes
    os level = 64
    preferred master = Yes
    domain master = Yes
    dns proxy = No
    wins support = Yes
    ldap port = 389
    ldap suffix = ou=MSAN,dc=ana,dc=mercyships,dc=org
    ldap admin dn = cn=Manager,dc=ana,dc=mercyships,dc=org
    ldap ssl = no

[homes]
    comment = Home Directories
    read only = No
    browseable = No

[nobody]
    comment = to prevent from user nobody from having a home share
    path = /dev/null
    browseable = No

[netlogon]
    comment = Network Logon Service
    path = /msu/netlogon
    browseable = No
    share modes = No
    root preexec = /usr/local/bin/mkuserconfig.pl %U
    root postexec = rm /msu/netlogon/%U.conf

[Profiles]
    path = /msu1/Profiles
    read only = No
    create mask = 0600
    directory mask = 0700
    guest ok = Yes
    browseable = No
Re: [Samba] Group Mapping Problems with Samba 3.0.2a OpenLDAP 2.2.6
On Mon, 15 Mar 2004, Chris Slack wrote:

> Hello all,
>
> I am attempting to set up a Samba 3.0.2a based PDC using OpenLDAP 2.2.6 for my user/group authentication backend. So far everything seems to be working properly, I can join the domain from a Win2k PC, login via an account created with smbldap-useradd.pl, map my home directory, run the proper login script, etc. However, with all of that working I'm still having difficulties getting group mapping to work. I've run through the steps in the Samba HOWTO manual and tried everything else I could find on the web but I'm stumped at this point.
>
> When I type:
>
>     net groupmap list
>
> I get nothing, when I type:
>
>     net groupmap add rid=512 ntgroup="Domain Admins" unixgroup="Domain Admins"
>
> I get the message "adding entry for group Domain Admins failed!". I've tried several permutations of this using different groups, I've tried adding groups to the local /etc/group file to see if it was having an issue with LDAP, but nothing seems to help. I can't seem to find anyone else who has had this problem and like I said, everything else is working fine.
>
> Attached to the bottom of this message is a dump from testparm with the details of my /etc/samba/smb.conf file.
>
> Please let me know if anyone can give me any suggestions.
>
> Thanks,
>
> Chris Slack
> IT System Administrator
> Mercy Ships
> M/V Anastasis - Currently docked in Freetown, Sierra Leone, West Africa
> www.mercyships.org

Chris,

What do your LDAP logs show samba is sending as the queries? In the past when I've had this problem it was related to my ldap suffix. User queries worked, but group queries did not (I had groups in a separate ou from users). However, your user and group suffixes are not set in your smb.conf, so it's not the exact same problem I had. Please send me the output from a:

    net -d3 groupmap list

Clint