I am using Samba PDC with OpenLDAP2 and smbldap-tools. As part of my logon.bat, I call a script called ifmember.exe. This script can list out the groups a user is a member of. It is reporting that my root user is a member of the group 'engr.' I don't know if this is a bug with ifmember.exe or if it's an issue in Samba or in LDAP. Here is some relevant data:
oink:/etc/smbldap-tools # smbldap-groupshow engr dn: cn=engr,ou=groups,dc=borkholder,dc=com cn: engr gidNumber: 1001 memberUid: pat,chuck,gene,paul,roger,jerry,mike,jose,todd,howard,jb objectClass: top,posixGroup,sambaGroupMapping sambaGroupType: 2 sambaSID: S-1-5-21-725326080-1709766072-2910717368-1001 oink:/usr/local/sbin # ./smbldap-usershow root dn: cn=root,ou=people,dc=borkholder,dc=com objectClass: account,posixAccount,top,sambaSamAccount cn: root uid: root uidNumber: 0 gidNumber: 0 loginShell: /bin/bash homeDirectory: /root displayName: root sambaPwdCanChange: 1095966471 sambaPwdMustChange: 2147483647 sambaLMPassword: 9B3390AB6FD22782AAD3B435B51404EE sambaNTPassword: 6F0F56FE06D5EFFDE700A23B9A944678 sambaPasswordHistory: 0000000000000000000000000000000000000000000000000000000000000000 sambaPwdLastSet: 1095966471 sambaAcctFlags: [U ] userPassword: {SSHA}KeQmB88xtBT1lxXzLsG30CSVHIPD+VE2 sambaSID: S-1-5-21-725326080-1709766072-2910717368-500 sambaPrimaryGroupSID: S-1-5-21-725326080-1709766072-2910717368-512 oink:/usr/local/sbin # net groupmap list acct_admin (S-1-5-21-725326080-1709766072-2910717368-1006) -> acct_admin truss (S-1-5-21-725326080-1709766072-2910717368-1005) -> truss hr (S-1-5-21-725326080-1709766072-2910717368-1004) -> hr furniture (S-1-5-21-725326080-1709766072-2910717368-1003) -> furniture dutch (S-1-5-21-725326080-1709766072-2910717368-1002) -> dutch Domain Admins (S-1-5-21-725326080-1709766072-2910717368-512) -> Domain Admins Domain Users (S-1-5-21-725326080-1709766072-2910717368-513) -> Domain Users Domain Guests (S-1-5-21-725326080-1709766072-2910717368-514) -> Domain Guests Print Operators (S-1-5-32-550) -> Print Operators Backup Operators (S-1-5-32-551) -> Backup Operators Replicators (S-1-5-32-552) -> Replicators Workgroup Computers (S-1-5-21-725326080-1709766072-2910717368-515) -> Workgroup Computers Administrators (S-1-5-32-544) -> Administrators acct (S-1-5-21-725326080-1709766072-2910717368-1007) -> acct receptionist (S-1-5-21-725326080-1709766072-2910717368-1008) -> receptionist engr (S-1-5-21-725326080-1709766072-2910717368-1001) -> engr Is there anywhere else I can look to see why this command thinks I'm a member of the engr group? I'm using nss_ldap on the server for authentication as well. Misty -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba