Ilia Chipitsine wrote:
Dear Sirs,

I installed OpenLDAP and smbldap-tools by IDEALX.
samba is 3.0.7, smbldap is 0.8.5

What else I did:

1) smbldap-populate
2) pdbedit -i smbpasswd:/usr/local/private/smbpasswd -e ldapsam:ldap://127.0.0.1


3) smbpasswd -w <clear text password>
   What is not very clear is whether I should use the same Manager account or not.

It should be the password of the 'ldap admin dn' listed in your smb.conf file.


however, account information was exported to LDAP successfully.
samba is running well over that data. users can log in.

But when I do "net groupmap ..." I'm getting errors:

sol# net groupmap list
[2004/10/20 19:40:25, 0] lib/smbldap.c:smbldap_search_domain_info(1338)
  Adding domain info for SOLAR failed with NT_STATUS_UNSUCCESSFUL

This means that 'ldap admin dn' does not have write access to the tree listed as 'ldap suffix' in your smb.conf file. You can fix it either in the slapd.conf file by adding a correct 'access' statement, or by changing 'ldap admin dn' to one which already has the right access.


Domain Admins (S-1-5-21-1906877464-905504629-2230954338-512) -> 512
Domain Users (S-1-5-21-1906877464-905504629-2230954338-513) -> school
Domain Guests (S-1-5-21-1906877464-905504629-2230954338-514) -> 514
Print Operators (S-1-5-32-550) -> 550
Backup Operators (S-1-5-32-551) -> 551
Replicators (S-1-5-32-552) -> 552

Those numbers mean that smbldap-populate expects the builtin Domain Group SIDs to be mapped onto UNIX groups whose gid is the same as the RID part of the SID. Since you already have one of those gids reserved for a group named 'school', it's not a good assumption for your site. You may want to create your own UNIX groups for 'Domain Admins' and so on and then use 'net groupmap modify' to update the mapping.


sol#

Why did pdbedit migrate the data successfully, but net groupmap doesn't want to work with it?

Cheers,
Ilia Chipitsine


Hope it helps, Igor
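One way to check the RID-as-gid assumption Igor describes against a group file, and to build the 'net groupmap modify' commands that remap the well-known groups onto dedicated UNIX groups. This is an added example, not code from the thread or from smbldap-tools: the /etc/group contents and the group names domadm, domusers and domguests are constructed; the domain SID is the one from Ilia's listing.

```shell
#!/bin/sh
# Added example (not from the thread). smbldap-populate assumes each well-known
# RID (512, 513, ...) can double as a UNIX gid; this checks a group file for
# that assumption and emits "net groupmap modify" commands to remap instead.
# Constructed /etc/group sample: gid 513 already belongs to 'school', as in
# Ilia's listing, and no group owns gid 512 or 514.
GROUP_SAMPLE='root:x:0:
school:x:513:
domadm:x:1001:'
# Domain SID taken from the listing in the thread.
DOMAIN_SID='S-1-5-21-1906877464-905504629-2230954338'

# Print the RID, i.e. the last component, of a SID.
rid_of() {
    printf '%s\n' "$1" | sed 's/.*-//'
}

# Print the name of the group that owns gid $1 in the group file on stdin.
group_owning_gid() {
    awk -F: -v gid="$1" '$3 == gid { print $1; exit }'
}

# Classify the RID-as-gid assumption for SID $1 and intended UNIX group $2:
# "missing"          - no group has that gid (net groupmap shows the bare number)
# "ok"               - the gid belongs to the intended group
# "collision:<name>" - the gid is already taken by an unrelated group
check_rid_gid() {
    rid=$(rid_of "$1")
    owner=$(printf '%s\n' "$GROUP_SAMPLE" | group_owning_gid "$rid")
    if [ -z "$owner" ]; then
        echo missing
    elif [ "$owner" = "$2" ]; then
        echo ok
    else
        echo "collision:$owner"
    fi
}

# Build the command that points NT group $1 at dedicated UNIX group $2.
groupmap_modify_cmd() {
    printf 'net groupmap modify ntgroup="%s" unixgroup=%s\n' "$1" "$2"
}

# Walk the well-known domain groups; 'entry' is "NT group:RID:UNIX group".
for entry in 'Domain Admins:512:domadm' 'Domain Users:513:domusers' 'Domain Guests:514:domguests'; do
    nt=${entry%%:*}; rest=${entry#*:}; rid=${rest%%:*}; ug=${rest#*:}
    echo "$nt (RID $rid): $(check_rid_gid "$DOMAIN_SID-$rid" "$ug")"
    groupmap_modify_cmd "$nt" "$ug"
done
```

The dedicated UNIX groups must exist (groupadd) before the emitted commands are run, and the slapd ACL problem from the error above must be fixed first or 'net groupmap modify' will fail the same way.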

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
