Help answer threads with 0 replies.
Go Back > Forums > Linux Forums > Linux - Server
User Name
Linux - Server This forum is for the discussion of Linux Software used in a server related context.


  Search this Thread
Old 05-05-2009, 11:06 PM   #1
Registered: Apr 2005
Distribution: Mint KDE on the Desktop, Debian on the Server
Posts: 66

Rep: Reputation: 15
Samba + LDAP server issues with group memberships

Hello everyone,

After a bit of effort I managed to get CentOS 5.3 server up and running to act as a PDC on a LAN. All the users can log in properly and the XP machines have been successfully added to the directory. Roaming profiles work fine and of course shares are up and available.

The only two remaining issues are: root has been aliased with Administrator on the Domain and while this account is able to perform all tasks on the server side, it doesn't have all privileges on the XP clients.

To address this I'm trying to add the user to the "Domain Admins" group on the server, but ran into this:

[root@gonzales ~]# net rpc group
Domain Admins
Domain Users
Domain Guests
Domain Computers
[root@gonzales ~]# net rpc group ADDMEM Domain\ Admins root
Could not add root to Domain Admins: NT_STATUS_NO_SUCH_GROUP
What gives? I don't understand why i first get confirmation that the group does exist and then when adding the user to it, samba complains the group doesn't exist.

Relevant lines of config:

# Specifying ldapsam backend database
        passdb backend = ldapsam:ldap://
        username map = /etc/samba/smbusers
# OpenLDAP stuff is defined here
        ldap suffix = dc=XXXXX,dc=com,dc=au
        ldap machine suffix = ou=machines
        ldap user suffix = ou=People
        ldap group suffix = ou=Groups
        ldap idmap suffix = ou=People
        ldap admin dn = cn=root,dc=XXXXX,dc=com,dc=au
        ldap ssl = no
        ldap passwd sync = Yes
        idmap uid = 10000-20000
        idmap gid = 500-20000
#       ldap ssl = start_tls

Any help will be greatly appreciated.
Old 05-06-2009, 12:35 AM   #2
Registered: Apr 2005
Distribution: Mint KDE on the Desktop, Debian on the Server
Posts: 66

Original Poster
Rep: Reputation: 15
Doh! I forgot about the smbldap scripts for managing the database! Using them i finally can make the appropriate queries and changes; but here's the thing: root already belonged to the "Domain Admins" group and yet on the XP clients it still doesn't have all the privileges.

Check it out:

[root@gonzales smbldap-tools]# smbldap-groupshow "Domain Admins"
dn: cn=Domain Admins,ou=Groups,dc=XXXXX,dc=com,dc=au
objectClass: top,posixGroup,sambaGroupMapping
gidNumber: 512
cn: Domain Admins
memberUid: root
description: Netbios Domain Administrators
sambaSID: S-1-5-21-1659004503-1604221776-682003330-512
sambaGroupType: 2
displayName: Domain Admins
[root@gonzales smbldap-tools]# smbldap-groupmod -m root "Domain Admins"
User root already in the group

Am I missing anything else that has to be done/checked?
Old 05-06-2009, 06:59 AM   #3
Registered: Oct 2008
Location: Fife
Distribution: RHEL, Centos
Posts: 373
Blog Entries: 1

Rep: Reputation: 51
group policy settings.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
group policy for ldap domain server... kashifazizawan Linux - Server 0 09-11-2008 06:04 AM
samba issues with a folder shared across a user group nass Slackware 6 01-27-2008 08:56 AM
SAMBA and LDAP configuration issues tristanm Linux - Server 8 11-15-2007 01:43 AM
Accidentally deleted all my group memberships Linux - Software 4 08-26-2007 11:59 AM
Samba domain member server (DMS) group permissions in network with a Samba PDC srosa Linux - Networking 0 05-01-2006 06:55 PM > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 07:16 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration