I have done the following:

- Added index for sambaSID and other attributes as per the following:
  http://wiki.samba.org/index.php/2.0:_Configuring_LDAP
- Replaced the samba 3.0 schema file in my LDAP Server (Sun Directory Server) with the 3.2 version
- Installed samba 3.4.3 packages from sun freeware to replace those I compiled from source.
- Reindexed with "dsconf reindex -h ldapserver -t sambaSID o=mydomain.com"

Unfortunately this did not resolve the group membership problem (i.e. a user account only appears to be in its primary group).

Querying the Samba 3.4.x BDC:

    # net rpc user info Administrator -U Administrator -S BDC2
    Enter Administrator's password:
    Domain Users
    #

Querying the Samba 3.0.x PDC:

    # net rpc user info Administrator -U Administrator -S PDC
    Enter Administrator's password:
    Domain Admins
    Domain Users
    #

As far as I can tell from the comments at the top of each ldif file, the only change was the addition of sambaTrustedDomainPassword objectClasses.

On 11/25/09 03:41, Jan Wenzel wrote:
> Gaiseric Vandal wrote:
>
>> I assume an index is not an actual LDAP attribute or object like
>> sambaSID but is more like a database index for optimizing searches?
>
> You're right :) But in some cases like substring search (samba searches
> i.e. for sambaSID=S-1-5-32-* to get the local groups) they are needed to
> get results. I don't know where to configure the indexes exactly in SDS,
> but I'm sure it is possible.
>
>> I use Sun's Directory Server (LDAP server) as the backend. I use Apache
>> Directory Studio for managing objects and attributes within ldap. I
>> should be able to use Sun's web-based console for creating the indexes.
>>
>> Is there something I need to specify in smb.conf to tell Samba to use
>> the index?
>
> Samba does not know anything about the configuration details of the LDAP
> server, it only talks LDAP - so it should instantly show groups when the
> index is present.
>
>> I also noticed that if I try to compile samba with Active Directory
>> support, configure fails with
>>
>> configure: error: Active Directory support requires ldap_initialize
>
> I would prefer to use the prebuilt linux packages from ftp.sernet.de (if
> you have a linux system).
>
>> Since sun has ldap client support included in the OS I do not have
>> openldap installed. I don't need Active Directory but it makes me
>> suspect that there may be some other ldap compatibility issues when
>> using Sun ldap client vs Openldap client.
>>
>> Thanks
>
> HTH
> Jan