[KLUG Members] Help for upgrade to Samba 3.0.1 (LDAPSAM) fm 2.2.8a anybody?

Jim C. members@kalamazoolinux.org
Wed, 14 Jan 2004 13:15:00 -0800


Jim C. wrote:

| This is what I was referring to:
|
| [root@enigma root]# net3 getlocalsid
| [2004/01/14 10:54:31, 0] utils/net.c:net_getlocalsid(414)
|   Can't fetch domain SID for name: ENIGMA
|
| Adam Williams wrote:
|
| |>|Groups mappings aren't in secrets.tdb.  But if you nuke it Samba will
| |>|dutifully recreate it, shouldn't be a problem.


Fixed this by retrieving the old SID from LDAP and then re-setting it
with "net3 setlocalsid SID".

K, now I can understand why groupmaps might be needed.  For example
you might need them if your LDAP system was not also being used for
Linux authentication.
So here is the question:  Would it be more advisable to migrate
required Linux system accounts and groups to the LDAP server or to map
to them?  Hmmm... you know I don't think I've ever seen a case where a
group belonged to a group and having two groups used for the same
thing is redundant. Consequently, I think that it would be better to
map than to have two groups in the LDAP db.  Does this seem correct?

Hmm... On second thought, my experimentation here seems to indicate
that groupmaps cannot be established with the net3 command unless both
the POSIX group and the Samba group exist in the LDAP database.
This would make having those system accounts such as nobody and
nogroup in the LDAP database mandatory.  Mmm... I suppose I could just
whack the data in with gq, it would take and work but I couldn't manage
it from remote or anything.
