[KLUG Members] Help for upgrade to Samba 3.0.1 (LDAPSAM) fm 2.2.8a
anybody?
Jim C.
members@kalamazoolinux.org
Mon, 19 Jan 2004 00:50:20 -0800
Adam Williams wrote:
|>|Well, technically all uidNumbers must be unique, and all gidNumbers must
...>
| Well, the group you want to be admins must have a RID of 512, so just go
| into LDAP and edit that one. Users and Guests also have specific RID
| requirements. (Users is 513, Guests is 514). 544 is Built-In Admins,
| which I don't think is what you want.

I think the scripts have already dealt with this...

OK, now I just noticed that removing the Samba group mappings (didn't
think I needed them because all my groups are in LDAP) has also removed
the sambaSID attribute from each of these. So here is the question: How
will Samba know what the RID is? Will I have to put things back the way
they were?

|>Now I notice that despite the fact that there is no root group in my
|>LDAP db, it is displaying as root. The group is actually named admins.
|>Is this because admins is gidNumber=0 ?
| Most likely, if NSS is using files first (almost certainly true, and
| correct) then the glibc call will return the name from /etc/group rather
| than the one from LDAP. It probably doesn't matter in practice, just is
| a little confusing. You could change /etc/group to read admins instead
| of root - just so everything reads the same - the gidNumber is actually
| what matters anyway.

"files" is indeed first. I'm a little confused about the whole admins
thing so let me see if I've got this straight.

1. I must have a group, let's call it "admins", whose gidNumber is "0"
2. This "admins" group must be mapped to a "Domain Admins" or
"Administrators" group (or is that backwards?). (I don't think I need
both groups, do I? Since this is a default/easy/basic setup, shouldn't I
go with the builtin?)
3. Users who are administrative users must belong to either "Domain
Admins" or "Administrators", whichever is in use.

--
-----------------------------------------------------------------
| I can be reached on the following messenger services: |
|---------------------------------------------------------------|
| MSN: j_c_llings@hotmail.com AIM: WyteLi0n ICQ: 123291844 |
|---------------------------------------------------------------|
| Y!: j_c_llings Jabber: jcllings@nureality.com |
-----------------------------------------------------------------
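
Added example, not part of the original post: a small Python audit over an LDIF export of group entries that reports which groups still carry a sambaSID and which RID (the last component of the SID) each one ends in, using the RID values named in the thread. The LDIF entries, the dc=example,dc=org names and the domain SID are constructed samples, and the parser handles only simple LDIF without folded or base64 values.

```python
# Added example: the entries, DNs and domain SID below are constructed samples.
WELL_KNOWN_RIDS = {512: "Domain Admins", 513: "Users", 514: "Guests", 544: "Built-In Admins"}

SAMPLE_LDIF = """\
dn: cn=admins,ou=Groups,dc=example,dc=org
objectClass: posixGroup
cn: admins
gidNumber: 0

dn: cn=users,ou=Groups,dc=example,dc=org
objectClass: posixGroup
cn: users
gidNumber: 100
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-513

dn: cn=staff,ou=Groups,dc=example,dc=org
objectClass: posixGroup
cn: staff
gidNumber: 1001
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3003
"""

def parse_ldif(text):
    """Parse simple LDIF (no line folding, no base64 values) into dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if ": " in line and not line.startswith("#"):
                key, _, value = line.partition(": ")
                entry.setdefault(key, []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def audit_groups(entries):
    """Map each posixGroup cn to its RID finding, or flag a missing sambaSID."""
    findings = {}
    for entry in entries:
        if "posixGroup" not in entry.get("objectClass", []):
            continue
        cn = entry["cn"][0]
        sids = entry.get("sambaSID", [])
        if not sids:
            findings[cn] = "no sambaSID attribute on this entry"
            continue
        rid = int(sids[0].rsplit("-", 1)[1])  # RID = last SID component
        findings[cn] = f"RID {rid}: {WELL_KNOWN_RIDS.get(rid, 'not a well-known RID')}"
    return findings
```

Calling `audit_groups(parse_ldif(SAMPLE_LDIF))` on the sample shows the gidNumber 0 group with no sambaSID at all, which is the state the post describes after the group mappings were removed.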