-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
ww m-pubsyssamba írta: | Hi list, | | If I have multiple Samba member servers in a domain can I store the groupmap data in LDAP? When I try this I get this error | | # net groupmap add ntgroup=Everyone unixgroup=nobody | No rid or sid specified, choosing algorithmic mapping | adding entry for group nobody failed! | | | But this works correctly (creates account in LDAP server) | | smbpasswd -a username password | | | the LDAP config in my smb.conf is as follows, | | | security = ads | encrypt passwords = yes | idmap backend = ldap:ldap://bbcwwp-sun19.worldwide.bbc.co.uk/ | passdb backend = ldapsam:"ldap://bbcwwp-sun19.worldwide.bbc.co.uk ldap://bbcwwp_sun21.worldwide.bbc.co.uk" | ldap suffix = dc=worldwide,dc=bbc,dc=co,dc=uk | ldap user suffix = ou=People | ldap group suffix = ou=Groups | ldap machine suffix = ou=machines,ou=Samba | ldap idmap suffix = ou=idmap,ou=Samba | ldap admin dn = uid=sambaadmin,ou=Special Users,dc=worldwide,dc=bbc,dc=co,dc=uk | ldap ssl = no | | | any answers much appreciated, | | thanks Andy.
Sorry but it seems to me that security = ads and idmap backend and ldap backend doesn't play nice together. In the case that you have an AD member server you should remove anything about passdb backend and ldap suffixes, except the idmap one. But if your server is the DC of the Domain, you should have security = user.
Cheers,
Geza -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFAbYjU/PxuIn+i1pIRAiXlAKCINSDHqLBxgigd7wxMf66+bjr1lQCgqO+3 241APAwKWHNHX8+Ju55MzhY= =knvT -----END PGP SIGNATURE-----
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba