[KLUG Members] Help for upgrade to Samba 3.0.1 (LDAPSAM) fm 2.2.8a anybody?

Adam Williams members@kalamazoolinux.org
Thu, 15 Jan 2004 06:17:36 -0500


> |Oh!  Use LDAP or don't.  Having things locatable by both libnss_files
> |and libnss_ldap is BAD BAD BAD news.  That way lies bloody carnival
> |death.  I have "root" in both, and everything else is carefully one or
> |the other.
> Is "carnival" death more entertaining than regular death? 

"entertaining" possibly,  really just more with the pre-show (pain,
terror, etc...).  This is a vague pop culture reference to several really
bad movies made in the late eighties (I think, that's when I saw them); 
if you don't get it, don't sweat it, you're not missing anything.

>  Perhaps you meant "carnal." ;-)

Oh no, carnal is good.  Dying while being carnal sounds like a good way
to go.

> Right.  gid's/gidNumber's and uid's/uidNumbers must be unique
> throughout the namespace (i.e. regardless of backend)... uh... except
> perhaps when they are admin gid=0/uid=0 ?

Well, technically all uidNumbers must be unique, and all gidNumbers must
be unique but uid space and gid space are separate.  uid = 0 has a
special meaning, everything else is just a number.  Personally it is
nice to have uid/gid space unified (no overlaps) but not really feasible
given most installs.  I just make sure users and user groups (the ones
you create, not that come with the system) don't overlap.

> |>Hmmm... you know I don't think I've ever seen a case where a
> |>group belonged to a group and having two groups used for the same
> |Something like an NIS triple?  It can be done.  I don't.  You get
> |potential group-loops (grd contains sales which contains grd....) and it
> |is just way too confusing.
> Gotcha. We'll avoid that and stick to the KISS principle then.

Right, kissing is carnal, which is good, as indicated earlier.

> |There is a directory called Migration installed with most openldap-server
> |...
> |is (and really can be) no "canned" solution.
> I'm already familiar with this directory. Thanks. :-)

Excellent.

> The real problem right now then,  is that I don't know which posix
> groups match up with which samba builtins.  

Well, technically, none.  You just assign which ones work for you. 
Posix groups have no special significance, so whichever one you use
whatever works for you (so long as you document it for the guy who
replaces you when you get suddenly tense-modified in some gruesome way.)

For example, we use -
[root@littleboy /root]# net groupmap list
Mail Managers (S-1-5-21-2037442776-3290224752-88127236-1507) -> mailmgmt
Traverse City Branch (S-1-5-21-2037442776-3290224752-88127236-1423) -> tra
Lansing Branch (S-1-5-21-2037442776-3290224752-88127236-1429) -> lan
HiLow Low Down (S-1-5-21-2037442776-3290224752-88127236-1499) -> hilo
Web Developers (S-1-5-21-2037442776-3290224752-88127236-5149) -> webdev
Intranet Calendar (S-1-5-21-2037442776-3290224752-88127236-3155) -> intracal
Used Equipment (S-1-5-21-2037442776-3290224752-88127236-1481) -> used
Classroom (S-1-5-21-2037442776-3290224752-88127236-1415) -> class
Brighton Branch (S-1-5-21-2037442776-3290224752-88127236-1425) -> brt
Morrison Industrial Equipment (S-1-5-21-2037442776-3290224752-88127236-3033) -> me
Grand Rapids Branch (S-1-5-21-2037442776-3290224752-88127236-1437) -> grd
Power Users (S-1-5-21-2037442776-3290224752-88127236-547) -> poweruser
Elkhart Branch (S-1-5-21-2037442776-3290224752-88127236-1417) -> elk
Kalamazoo Branch (S-1-5-21-2037442776-3290224752-88127236-1427) -> kal
Greenville Branch (S-1-5-21-2037442776-3290224752-88127236-1419) -> gnv
IT Staff (S-1-5-21-2037442776-3290224752-88127236-1461) -> cis
South Bend Branch (S-1-5-21-2037442776-3290224752-88127236-1491) -> sbn
slocate daemon (S-1-5-21-2037442776-3290224752-88127236-1043) -> postgres
Informix (S-1-5-21-2037442776-3290224752-88127236-1401) -> informix
UUCP (S-1-5-21-2037442776-3290224752-88127236-1029) -> uucp
Modification Center (S-1-5-21-2037442776-3290224752-88127236-1497) -> mod
Internet Users (S-1-5-21-2037442776-3290224752-88127236-3003) -> internet
Domain Admins (S-1-5-21-2037442776-3290224752-88127236-512) -> admins
Holland Branch (S-1-5-21-2037442776-3290224752-88127236-1421) -> hol
Console Control (S-1-5-21-2037442776-3290224752-88127236-1519) -> console
Parts Quality Control (S-1-5-21-2037442776-3290224752-88127236-1521) -> partsqc
Saginaw Branch (S-1-5-21-2037442776-3290224752-88127236-1433) -> sag
Triad Service Center (S-1-5-21-2037442776-3290224752-88127236-3153) -> tsc
Domain Guests (S-1-5-21-2037442776-3290224752-88127236-514) -> nobody
Line Printer Daemon (S-1-5-21-2037442776-3290224752-88127236-1015) -> lp
Floppy Drive Users (S-1-5-21-2037442776-3290224752-88127236-1039) -> floppy
Mor-Value Parts (S-1-5-21-2037442776-3290224752-88127236-3029) -> mv
CVS Users (S-1-5-21-2037442776-3290224752-88127236-5197) -> cvsuser
Morrison Industries (S-1-5-21-2037442776-3290224752-88127236-1469) -> mi
Print Operators (S-1-5-21-2037442776-3290224752-88127236-550) -> printadmin
Central Parts (S-1-5-21-2037442776-3290224752-88127236-1407) -> cparts
Warranty Department (S-1-5-21-2037442776-3290224752-88127236-1483) -> warranty
Muskegon Branch (S-1-5-21-2037442776-3290224752-88127236-1431) -> msk
Lotus Notes Group (S-1-5-21-2037442776-3290224752-88127236-5047) -> notesgroup
Cisco Inc (S-1-5-21-2037442776-3290224752-88127236-3031) -> cs
Accounting (S-1-5-21-2037442776-3290224752-88127236-1403) -> actng
Mor-Value Parts (S-1-5-21-2037442776-3290224752-88127236-1473) -> mvp

> I can make guesses but I
> would rather find some at least semi-explicit info somewhere. I would
> jump on the Mandrake list and ask but sympa (the listserv) hates my
> email addy's for some reason.  I got a new Earthlink address a few
> days ago so I'll try again this evening.

The balance of the universe will be restored;  you'll come to hate
Earthlink.
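
Added example (not part of the original message, and not code from Samba or nss_ldap): a small audit for the overlap discussed above, reporting account names that resolve through both the files and LDAP backends and uidNumbers claimed by different names. The account data is constructed sample input in passwd(5) format, and the "root may be in both" exception mirrors the setup described in the quoted text.

```python
from collections import defaultdict

# Constructed sample data in passwd(5) format. On a live host the two inputs
# would come from `getent -s files passwd` and `getent -s ldap passwd`.
FILES_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
postgres:x:26:26:PostgreSQL:/var/lib/pgsql:/bin/bash
jdoe:x:500:500:Local John:/home/jdoe:/bin/bash
"""
LDAP_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
jdoe:x:1001:1001:John Doe:/home/jdoe:/bin/bash
asmith:x:26:1002:Alice Smith:/home/asmith:/bin/bash
bjones:x:1003:1003:Bob Jones:/home/bjones:/bin/bash
"""

def parse_passwd(text):
    """Return {name: uid} for each well-formed passwd line."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 7 or not fields[2].isdigit():
            continue  # skip malformed lines and NIS +/- compat entries
        entries[fields[0]] = int(fields[2])
    return entries

def audit(files_text, ldap_text, allowed_in_both=("root",)):
    """Return (names present in both backends, {uid: names} clashes)."""
    files, ldap = parse_passwd(files_text), parse_passwd(ldap_text)
    # Names resolvable through both backends (lookup order decides who wins).
    dup_names = sorted(n for n in files.keys() & ldap.keys()
                       if n not in allowed_in_both)
    # uidNumbers claimed by different names across the two backends.
    by_uid = defaultdict(set)
    for source in (files, ldap):
        for name, uid in source.items():
            by_uid[uid].add(name)
    clashes = {u: sorted(n) for u, n in by_uid.items() if len(n) > 1}
    return dup_names, clashes

if __name__ == "__main__":
    names, clashes = audit(FILES_PASSWD, LDAP_PASSWD)
    print("names in both backends:", names)
    print("uidNumber clashes:", clashes)
```

The same check applies to group data by feeding it the group(5) output of both backends and reading the gidNumber from the third field.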