|
From: Jamie C. <jca...@we...> - 2005-10-27 03:58:50
|
On 27/Oct/2005 10:42 Craig White wrote ..
> On Thu, 2005-10-27 at 09:34 +1000, Jamie Cameron wrote:
> > On Thu, 2005-10-27 at 04:19, Craig White wrote:
> > > Something changed in the last few versions of LDAP Users and Groups
> > > module and I can't figure out where it changed.
> > >
> > > I previously automatically added the sambaPrimaryGroupSID via config:
> > > LDAP properties for new Samba users
> > >
> > > If I create a new user now, that fails because...
> > > Failed to save user : Failed to add user to LDAP database :
> > > sambaprimarygroupsid: multiple values provided
> > >
> > > OK - so I remove the automatic entry from config but now the
> > > sambaPrimaryGroupSID is set to S-1-5....-2000 instead of S-1-5...-513
> > > and I can't figure out where that is coming from. Any clues?
> > In the current release of Webmin, that attribute is set automatically.
> > The value is always DOMAIN-XXX , where XXX is the Unix GID*2+1000 .
> > Let me know if this doesn't seem correct, as I am not too familiar with
> > the real purpose of this attribute :-)
> ----
> that's really bugging me - I don't know how other people handle this.
>
> Your concept is fine except for one thing...well known RID's
>
> Link to samba documentation
> http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/groupmapping.html#WKURIDS
>
> The concept is if you want all new users to automatically be a member of "Domain Users" - their sambaPrimaryGroupSID, then it would have an RID (Relative ID) of 513 so the SID:
> S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-513
> ^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^
>     |                   |                  |------< RID
>     |                   |
>     |                   |--------< Unique to each domain
>     |
>     |-----< Domain Group (not local)
>
> since the 513 is the Well known RID for the Domain Group "Domain Users" - some people (if not most) would have the default sambaPrimaryGroupSID be that one.
>
> I can't answer for what other people do. Perhaps it would be best to have this configurable by the administrator (the value of sambaPrimaryGroupSID).
>
> Thanks
>
> Craig

Ah .. so should the sambaPrimaryGroupSID be the same for all users? Because that is not what Webmin does currently .. and it sounds like I should fix this.

 - Jamie

|