Hello,

On the domain member, idmap against ldap is not working.

I tried to dump the network communication between MEMBER and the ldap
server, but Ethereal (0.10.0a) says the packets (3 in all) are corrupted and cannot be
analysed (I have ldap ssl = off).


Our setup:
The Samba domain seems to be working: WinXP logs on to the domain and users
have not reported any problems. The server is a PDC on samba (3.0.2 on linux Fedora Core 1) and
all accounts (unix, samba) and groups (posix, samba built-in) are stored on the ldap server.


Now, I added another samba machine as a domain member.
[EMAIL PROTECTED] net join -S PDC -UAdministrator%password
[EMAIL PROTECTED] smbpasswd -w secret

My ldap setting is fine, I hope:

[EMAIL PROTECTED] id Administrator
uid=998(Administrator) gid=512(Domain Admins) groups=512(Domain Admins)

[EMAIL PROTECTED] getent group "Domain Admins"
Domain Admins:x:512:Administrator

But 'net groupmap list' is not working

[EMAIL PROTECTED] net groupmap list
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Admins (S-1-5-21-3625374334-2768020895-3115484427-512) -> -1
Domain Guests (S-1-5-21-3625374334-2768020895-3115484427-514) -> -1
Power Users (S-1-5-32-547) -> -1

My smb.conf is:

[global]
workgroup = COMPANY
netbios name = MEMBER
security = domain
password server = PDC
encrypt passwords = yes

ldap ssl = off
ldap admin dn = cn=Manager,dc=company,dc=com
ldap suffix = dc=company,dc=com
ldap user suffix = ou=People
ldap group suffix = ou=Group
ldap machine suffix = ou=Computers
idmap backend = ldap:ldap://ldap.company.com/
ldap idmap suffix = ou=Group
idmap uid = 10000-20000
idmap gid = 10000-20000


When I make a new group mapping on MEMBER, the changes are stored locally in /var/cache/samba/*

I think the communication between MEMBER and ldap fails due to some bug,
so groupmaps continue to work locally.

Thanks for advice
Petr

--
Chief B.O.F.H. Officer
When proprietary IM sucks - jabber://[EMAIL PROTECTED]
IPv4 sucks too. Ping6 to ::1/128
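
An added example, not part of the message above: a small Python parser for the `net groupmap list` output quoted in the post. It lists the groups that have no Unix group (`-1`) and the domain SID prefixes seen. The function names and the final `Domain Users` sample line are constructed for illustration.

```python
import re

# Line format printed by `net groupmap list`: NT name (SID) -> Unix group
LINE = re.compile(r"^(?P<name>.+?) \((?P<sid>S-1-(?:\d+-)*\d+)\) -> (?P<unix>.+)$")

# The first six lines are the output quoted in the post; the last line is
# constructed to show what a resolved mapping looks like.
SAMPLE = """\
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Admins (S-1-5-21-3625374334-2768020895-3115484427-512) -> -1
Domain Guests (S-1-5-21-3625374334-2768020895-3115484427-514) -> -1
Power Users (S-1-5-32-547) -> -1
Domain Users (S-1-5-21-3625374334-2768020895-3115484427-513) -> users
"""

def parse_groupmap(text):
    """Return one dict per mapping line; anything else is skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # shell prompts, blank lines, error messages
        sid, unix = m["sid"], m["unix"].strip()
        if sid.startswith("S-1-5-32-"):
            scope = "builtin"   # BUILTIN aliases, same SID on every host
        elif sid.startswith("S-1-5-21-"):
            scope = "domain"    # domain SID followed by the group RID
        else:
            scope = "other"
        entries.append({"name": m["name"], "sid": sid, "scope": scope,
                        "rid": int(sid.rsplit("-", 1)[1]),
                        "unix": unix, "mapped": unix != "-1"})
    return entries

def unmapped(entries):
    """Groups whose right-hand side is -1, i.e. no Unix group resolved."""
    return [e for e in entries if not e["mapped"]]

def domain_sids(entries):
    """Distinct domain SID prefixes; a member of one domain should show one."""
    return {e["sid"].rsplit("-", 1)[0] for e in entries if e["scope"] == "domain"}

if __name__ == "__main__":
    entries = parse_groupmap(SAMPLE)
    for e in unmapped(entries):
        print(f"UNMAPPED {e['scope']:7} rid={e['rid']:<4} {e['name']}")
    print("domain SIDs:", ", ".join(sorted(domain_sids(entries))))
```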