John H Terpstra: [...]
> The Samba-HOWTO-Collection is literally intended to be correct and
> capable of being followed literally! Please document what sucks and help
> us to improve our documentation. I encourage you to file a bug report with
> details of what needs to be fixed. You can file a bug report on
> https://bugzilla.samba.org

On the basis of what the Samba team has done over the years, its availability and quality, it would be my bounden duty to do so. However, this would mean a complete rewrite, producing a parallel doc that omitted all reference to Samba V2 (with which I'm not familiar).

My basic point of criticism (I started with Samba 3.0.7, Openldap V2.2.20) after following the "HOWTO", finding out that it crippled my system and asking myself how Samba/LDAP should be configured.

For all of what follows I used GQ 1.0.b1 (jump from www.biot.com), since it gives a graphical representation of the DSA, drag'n drop is possible, making experimenting a breeze, shows *all* mandatory and optional attributes in different colors and gives sensible error reports when you do something wrong:

1: under ou=smb, *no* groups called (cn=)"Domain Admins", "Domain Guests" or "Domain Users" should be set up. cns with spaces in are not liked by Openldap 2.2 and Samba makes a hash of them; furthermore Linux doesn't like them. Anyway, these groups are NT groups and not Posix groups and are defined in the *record* for the group, as defined in the displayName attribute.

Instead, under ou=smb, define 3 Posix groups domadm, domguest and domuser. Give them regular, unique gidNumbers. For domadm, set attribute displayName to Domain Admins, for domguest set displayName to Domain Guests and domuser set displayName to Domain Users. Make each group an objectClass member of sambaGroupMapping.

Get your local SID using 'net getlocalsid'. Give each group its SID as defined in the regular Samba HOWTO.

Into domadm, put cn=Administrator and cn=root as described in the "HOWTO".
objectClasses top, person, organizationalPerson, inetOrgPerson, posixAccount and sambaSamAccount, Administrator can have any uidNumber (I use a Red Hat "system" number, 16) and his gidNumber will be that of domadm. root has to have uidNumber=0 and domadm's gidNumber. Administrator's sambaSID is localsid+calculated RID as in the Samba HOWTO docs, sambaPrimaryGroupSID=localsid+512; root's sambaSID=localsid+502, primary group SID=localsid+512.

When following the Navarra "HOWTO", 'net groupmap list' didn't work at all, nor could I do a 'net rpc join'; that was what started me experimenting. Now it works as it should and I can do a 'net rpc join'.

Hope this helps someone, it cost me enough pain before it worked properly for me.

--Tonni

--
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl
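
The group layout described in the post above, as an added example (not part of the original message and not Samba's own tooling): a Python helper that turns 'net getlocalsid' output into LDIF for the three groups. The base DN, gidNumbers, sample SID and the use of memberUid for the domadm members are assumptions made for illustration; 512, 513 and 514 are the well-known RIDs for Domain Admins, Domain Users and Domain Guests.

```python
import re

# Well-known domain RIDs of the three NT groups named in the post.
RIDS = {"Domain Admins": 512, "Domain Users": 513, "Domain Guests": 514}
# Posix cn (no spaces) -> NT name carried in displayName, as the post lays out.
GROUPS = {"domadm": "Domain Admins", "domuser": "Domain Users",
          "domguest": "Domain Guests"}
# A machine/domain SID has exactly three sub-authorities after S-1-5-21.
SID_RE = re.compile(r"S-1-5-21(?:-\d{1,10}){3}(?![-\d])")


def parse_localsid(net_output):
    """Extract the machine/domain SID from 'net getlocalsid' output."""
    m = SID_RE.search(net_output)
    if not m:
        raise ValueError("no S-1-5-21-x-y-z SID found in: %r" % net_output)
    return m.group(0)


def group_ldif(local_sid, base_dn, gid_numbers, members=None):
    """Build LDIF for the three posixGroup + sambaGroupMapping entries."""
    if not SID_RE.fullmatch(local_sid):
        raise ValueError("malformed local SID: %r" % local_sid)
    if len(set(gid_numbers.values())) != len(GROUPS):
        raise ValueError("each group needs its own unique gidNumber")
    members = members or {}
    entries = []
    for cn, nt_name in GROUPS.items():
        lines = [
            "dn: cn=%s,%s" % (cn, base_dn),
            "objectClass: top",
            "objectClass: posixGroup",
            "objectClass: sambaGroupMapping",
            "cn: %s" % cn,
            "gidNumber: %d" % gid_numbers[cn],
            "displayName: %s" % nt_name,
            "sambaSID: %s-%d" % (local_sid, RIDS[nt_name]),
            "sambaGroupType: 2",  # 2 = domain group
        ]
        # Assumption: members are listed by login name via memberUid.
        lines += ["memberUid: %s" % uid for uid in members.get(cn, [])]
        entries.append("\n".join(lines))
    return "\n\n".join(entries) + "\n"


if __name__ == "__main__":
    # Constructed sample output and values; not taken from the original post.
    sid = parse_localsid("SID for domain EXAMPLE is: S-1-5-21-1111111111-2222222222-3333333333")
    print(group_ldif(sid, "ou=smb,dc=example,dc=org",
                     {"domadm": 2512, "domuser": 2513, "domguest": 2514},
                     {"domadm": ["Administrator", "root"]}))
```

The resulting LDIF can be reviewed and then loaded with ldapadd; 'net groupmap list' should afterwards show the three NT names mapped to the Posix groups.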