
[Samba] ldapsam_getgroup


Cédric Carlen

Jun 7, 2012, 6:00:01 AM
Hello, hello

I'm writing you this email because when I want to set up a password policy
with LDAP, this one isn't recognized by samba.

In the log I've got this:

ldapsam_getgroup: Did not find group, filter was
(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-11))
ldapsam_getgroup: Did not find group, filter was
(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2))
ldapsam_getgroup: Did not find group, filter was
(&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0))

When I look with LdapAdmin, I don't have SIDs like this. Why does LDAP check
these SIDs if they don't exist?

Thanks for your help

Flake

P.S.: I don't paste files, because I don't know which one could help

--
Cédric CARLEN
Engineering student at TELECOM Lille 1
Class FI15
☎ 06.59.42.81.55

Gaiseric Vandal

Jun 7, 2012, 9:50:01 AM
You may need to set up unix groups and domain mappings for some
additional windows "well known groups" (google for windows well known
groups.)


On my server I can see my group mappings:

# net groupmap list
.....
Domain Users (S-1-5-21-xxxxx-xxxx-xxxxx-513) -> Domain Users
Administrators (S-1-5-32-544) -> Builtin Admins
Domain Controllers (S-1-5-21-xxxxx-xxxx-xxxxx-516) -> Domain Controllers

....
Authenticated Users (S-1-5-11) -> Authenticated Users
Network (S-1-5-2) -> Network
Everyone (S-1-1-0) -> Everyone
....


So

# net groupmap add ntgroup="Authenticated Users" unixgroup=xxx sid=S-1-5-11

Or you can update in ldap.

On 06/07/12 05:56, Cédric Carlen wrote:
> Hello, hello
>
> I'm writing you this email because when I want to set up a password policy
> with LDAP, this one isn't recognized by samba.
>
> In the log I've got this:
>
> ldapsam_getgroup: Did not find group, filter was
> (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-11))
> ldapsam_getgroup: Did not find group, filter was
> (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2))
> ldapsam_getgroup: Did not find group, filter was
> (&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0))
>
> When I look with LdapAdmin, I don't have SIDs like this. Why does LDAP check
> these SIDs if they don't exist?
>
> Thanks for your help
>
> Flake
>
> P.S.: I don't paste files, because I don't know which one could help
>

--
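
Added example (not part of the original thread): a POSIX shell script that pulls the SIDs out of `ldapsam_getgroup` log lines like those quoted above and checks them against saved `net groupmap list` output. The sample log, the sample groupmap text and all function names are constructed for illustration.

```sh
# Added example. The log and groupmap text below are constructed samples.
sample_log() { cat <<'EOF'
ldapsam_getgroup: Did not find group, filter was
(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-11))
ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2))
ldapsam_getgroup: Did not find group, filter was
(&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0))
ldapsam_getgroup: Did not find group, filter was
(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-11))
EOF
}
# Stand-in for saved "net groupmap list" output (Everyone already mapped).
sample_groupmap() { cat <<'EOF'
Domain Users (S-1-5-21-xxxxx-xxxx-xxxxx-513) -> Domain Users
Everyone (S-1-1-0) -> Everyone
EOF
}
# Print each SID that ldapsam_getgroup failed to find, once, in log order.
# The filter may sit on the same line as the message or wrap onto the next.
missing_sids() {
    awk '
        /ldapsam_getgroup: Did not find group/ { pending = 1 }
        pending && match($0, /sambaSID=S-[0-9-]+/) {
            sid = substr($0, RSTART + 9, RLENGTH - 9)   # skip "sambaSID="
            if (!(sid in seen)) { seen[sid] = 1; print sid }
            pending = 0
        }'
}
# Names of the three well-known SIDs that appear in this thread.
wellknown_name() {
    case "$1" in
        S-1-1-0)  echo "Everyone" ;;
        S-1-5-2)  echo "Network" ;;
        S-1-5-11) echo "Authenticated Users" ;;
        *)        echo "unknown" ;;
    esac
}
# triage MAPFILE < log: report SID, name and whether MAPFILE maps it.
# Matching "(SID)" with the parentheses keeps S-1-5-2 from matching S-1-5-21-...
triage() {
    missing_sids | while read -r sid; do
        if grep -F -q "($sid)" "$1"; then state=mapped; else state=unmapped; fi
        printf '%s\t%s\t%s\n' "$sid" "$(wellknown_name "$sid")" "$state"
    done
}

map=$(mktemp) && sample_groupmap > "$map"
sample_log | triage "$map"
rm -f "$map"
```

Against a real server, save the `net groupmap list` output to a file and feed the Samba log to `triage` on standard input.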

Gaiseric Vandal

Jun 7, 2012, 8:10:01 PM
Well known groups are things like "Domain Administrators" and
"Administrators" - they always have the same SID or RID (relative ID.)
With an LDAP backend, you may have winbind/idmap automatically allocating
unix group id's so this may be hidden from you. In my environment I
support linux clients (ssh and nfs) so I still have to manage unix uid's and
gid's. It means I also have to create unix groups that represent any
windows groups.

On the unix server, as root in a unix session, can you see the owner, group
and permissions on the files you are creating from windows? If you run
"pdbedit -Lv somesambauser" you should see the name of the unix account for
that user. Is there a mismatch? Can you set file permissions via unix
so that the windows users can see them? Have you defined any force user,
force group or force mask options on the file share?





-----Original Message-----
From: Murthy [mailto:msga...@gmail.com]
Sent: Thursday, June 07, 2012 6:49 PM
To: gaiseri...@gmail.com
Subject: Re: [Samba] ldapsam_getgroup

Hello:

I am not sure what you mean by set up Unix groups and domain mappings for
additional windows "well known groups".

I tried the following experiment. I changed the permissions on the directory
to 777 and mapped it to a share.
I am able to see all the directories in that share directory (i.e. all
sub-directories). However, I cannot see any individual files. Same thing
happens if I create new subdirectories. I can see newly created
sub-directories but I cannot see any individual files.

I have been working on this for about 3 days now. I am really frustrated why
things have to be so complicated.

Murthy