Dear list,

I have two problems managing groups from a Win2kSP2 client using UserManager
for domains.

My Linux user and groups are stored in OpenLDAP using pam_ldap+nss_ldap from Padl.
Because the groups use the ou=Group organizationalUnit, I have set
"ldap group suffix = ou=Group" in smb.conf (using ldapsam as passdb backend).
So the Linux group and the sambaGroupMapping use the same LDAP entry.

First problem:
--------------
If I try to delete a group using UsrMgr, I get the message "Access Denied".
Nevertheless the group and the groupmapping are deleted, because I delete the
whole LDAP entry (including the groupmapping) in the "delete group script".

Therefore, I checked the source, and in rpc_server/srv_samr_nt.c I found the
order in which Samba deletes groups:
        1. check if the Linux group exists
        2. call the "delete group script"
        3. check if the Linux group is gone
        4. delete the groupmapping

I think my problem is in step "4. delete the groupmapping". This, of course, failed,
because in the "delete group script" I delete the whole LDAP entry (the groupmapping,
too).

I don't know if I misconfigured something in Samba or in LDAP, but if I change the
order in rpc_server/srv_samr_nt.c (near line 3860) as follows:
        1. check if the Linux group exists
        2. delete the groupmapping
        3. call the "delete group script"
        4. check if the Linux group is gone

this works without any error messages. But I am not sure whether this is the right
way!?!


Second problem:
---------------
If I try to modify a group using UsrMgr, I get the message "The groupname could not be
found" (this is a translation from the German version). If I add and/or delete a user
to/from a group, the scripts "delete user from group" and/or "add user to group" are
successfully called. There is no error message if I change the description of a group, too.

Therefore, I checked the source and found this in passdb/pdb_ldap.c (near line 2007):
        if (mods == NULL) {
                DEBUG(4, ("........
                return NT_STATUS_UNSUCCESSFUL;

If I change the return value from NT_STATUS_UNSUCCESSFUL to NT_STATUS_OK, everything
works fine without any error messages. But, same as above, I am not sure whether this
is the right way!?!

Any comments, notes, help etc. are welcome.

Thank you for your time!


Cheers,

Bjoern
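
The following C model is an added example, not Samba code and not part of the original message; it replays the two deletion orders from the message against a toy group record. The struct, function and status names are hypothetical, and the failure when the mapping is already gone is assumed from the behaviour the message reports.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy model (constructed): the two pieces of data tracked per group. */
struct group { bool posix_group; bool group_mapping; };

/* Hypothetical status names for this model, not Samba's NTSTATUS values. */
enum status { ST_OK, ST_NO_SUCH_GROUP, ST_ACCESS_DENIED };

/* Models the "delete group script". With shared_entry set it removes the
 * whole LDAP entry, so the sambaGroupMapping data disappears as well. */
static void run_delete_script(struct group *g, bool shared_entry) {
    g->posix_group = false;
    if (shared_entry) g->group_mapping = false;
}

/* Assumption: removing a mapping that no longer exists is a failure. */
static bool delete_mapping(struct group *g) {
    if (!g->group_mapping) return false;
    g->group_mapping = false;
    return true;
}

/* Order described in the message: script first, mapping last. */
enum status delete_script_first(struct group *g, bool shared_entry) {
    if (!g->posix_group) return ST_NO_SUCH_GROUP;          /* step 1 */
    run_delete_script(g, shared_entry);                    /* step 2 */
    if (g->posix_group) return ST_ACCESS_DENIED;           /* step 3 */
    return delete_mapping(g) ? ST_OK : ST_ACCESS_DENIED;   /* step 4 */
}

/* Order the poster tried: mapping first, then the script. */
enum status delete_mapping_first(struct group *g, bool shared_entry) {
    if (!g->posix_group) return ST_NO_SUCH_GROUP;
    if (!delete_mapping(g)) return ST_ACCESS_DENIED;
    run_delete_script(g, shared_entry);
    return g->posix_group ? ST_ACCESS_DENIED : ST_OK;
}

int main(void) {
    struct group a = {true, true}, b = {true, true}, c = {true, true};
    printf("script first, shared entry:   %d\n", delete_script_first(&a, true));
    printf("mapping first, shared entry:  %d\n", delete_mapping_first(&b, true));
    printf("script first, separate entry: %d\n", delete_script_first(&c, false));
    return 0;
}
```

In this model the script-first order only fails when the script removes the shared entry; with the mapping stored separately both orders succeed.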
