[KLUG Members] Help for upgrade to Samba 3.0.1 (LDAPSAM) fm 2.2.8a anybody?

Jim C. members@kalamazoolinux.org
Wed, 14 Jan 2004 07:43:07 -0800



|>I also found it strange that in some places in the docs it talks about
|>ou=Idmap and yet in smb.conf ldap idmap suffix is set to cn=Idmap.
|
|
|Report any documentation inconsistency.  Maintaining a large document on
|something complex like Samba is *HARD*.  Really hard,  keeping internal
|consistency as things are changed is tedious.  But Mr. Terpstra is very
|good about fixing inconsistencies when reported.
|
Kool.  I'll see about that after my job interview this morning.

|>strange.  Is it an ou or is it a cn?  
|
|Well, it could be either;  whatever you set it to.  Traditionally LDAP
|
|>Note that the IDEALX scripts added the following users and groups:
|>Users:
|>Administrator:x:998:512:Netbios Domain Administrator:/home:/bin/false
|>nobody:x:999:514:nobody:/dev/null:/bin/false
|
|
Note to self: Back reference what Adam said earlier about how to
implement administrative accounts and groups.

|I've never used the idealx scripts,  and from all the posts I see about
|people trying to use them, I'm developing an unfavorable opinion.
|
|There is no reason whatsoever that I can see for creating the two user
|accounts you list above.
|
|Administrator = root
|
|Your system almost certainly already has a nobody/guest account.  I can
|only imagine what having two "nobody" accounts might do.

Point.  I'll check that.  Traditionally Mandrake uses
"nobody.nogroup"  or at least this is the case with my other boxes.

|>Groups:
|>Domain Admins:x:512:Administrator
|>Domain Users:x:513:
|>Domain Guests:x:514:
|>Administrators:x:544:Administrator
|>Users:x:545:
|>Guests:x:546:nobody
|>Power Users:x:547:
|>Account Operators:x:548:
|>Server Operators:x:549:
|>Print Operators:x:550:
|>Backup Operators:x:551:
|>Replicator:x:552:
|>Domain Computers:x:553:
|
|
|And you're sure these gids don't overlap with existing groups?
|
Check.  Will investigate this also.

|>Also delving into groupmaps produced some problems:
|
|...
|Yep, those will drive you crazy.  You need to nuke those.
|>I think these settings are in the secrets.tdb file and not the ldap
|>server because I was messing with this before I setup Idmap.
|
|
|Groups mappings aren't in secrets.tdb.  But if you nuke it Samba will
|dutifully recreate it, shouldn't be a problem.
|
Nuking it identified the location of the group mappings.  They were
objectclasses that were added to the posixgroups in LDAP.  I zapped em
with gq.
I don't know if there are any random spontaneous components to an SID
so I should probably double check that re-creating secrets.tdb didn't
change it at all.

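The gid-overlap and duplicate "nobody" questions raised in the replies above can be checked mechanically; this is an added example, not part of the original message or of the IDEALX scripts. The `NEW_*` lines are the entries quoted in the message, while the `EXISTING_*` lines (including the hypothetical `ntadmin` group) are constructed sample data standing in for the local passwd and group files.

```python
from collections import defaultdict

# Entries quoted in the message as added by the IDEALX scripts.
NEW_USERS = [
    "Administrator:x:998:512:Netbios Domain Administrator:/home:/bin/false",
    "nobody:x:999:514:nobody:/dev/null:/bin/false",
]
NEW_GROUPS = [
    "Domain Admins:x:512:Administrator", "Domain Users:x:513:",
    "Domain Guests:x:514:", "Administrators:x:544:Administrator",
    "Users:x:545:", "Guests:x:546:nobody", "Power Users:x:547:",
    "Account Operators:x:548:", "Server Operators:x:549:",
    "Print Operators:x:550:", "Backup Operators:x:551:",
    "Replicator:x:552:", "Domain Computers:x:553:",
]
# Constructed sample of pre-existing local accounts and groups (assumption).
EXISTING_USERS = [
    "root:x:0:0:root:/root:/bin/bash",
    "nobody:x:65534:65534:Nobody:/:/bin/sh",
]
EXISTING_GROUPS = ["root:x:0:", "nogroup:x:65534:", "ntadmin:x:512:"]


def parse(lines):
    """Return [(name, numeric_id)] from passwd- or group-format lines.

    In both formats field 1 is the name and field 3 is the uid or gid.
    """
    entries = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 3 or not fields[2].isdigit():
            raise ValueError("malformed entry: %r" % line)
        entries.append((fields[0], int(fields[2])))
    return entries


def conflicts(existing, new):
    """Find ids shared by different names, and names bound to different ids."""
    by_id, by_name = defaultdict(set), defaultdict(set)
    for name, num in parse(existing) + parse(new):
        by_id[num].add(name)
        by_name[name].add(num)
    id_clash = {i: sorted(n) for i, n in by_id.items() if len(n) > 1}
    name_clash = {n: sorted(i) for n, i in by_name.items() if len(i) > 1}
    return id_clash, name_clash
```

On a live system the `existing` argument can be the lines of `getent passwd` or `getent group` output, which also includes entries served from LDAP when nsswitch is configured for it.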