PGP SIGNED MESSAGE
Hash: SHA1
Hi there,
short question: I try to add a local group via the NT-Usermanager
("usrmgr.exe"), but everytime I get a "Access denied". Adding a global
group works. I'm logged on as "Administrator". I'm running Samba 3.0.14a
on Debian Sarge (testing) with the smbldap-tools (v0.8.8).
What could I have done wrong?
Thanks.
Holger
PGP SIGNATURE
Version: GnuPG v1.2.5 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
M/pZxu3jdtN646Fpn/0WHq4=
=wp6b
PGP SIGNATURE

man, 25.04.2005 kl. 17.48 skrev Holger Wesser:

short question: I try to add a local group via the NT-Usermanager
("usrmgr.exe"), but everytime I get a "Access denied". Adding a global
group works. I'm logged on as "Administrator". I'm running Samba 3.0.14a
on Debian Sarge (testing) with the smbldap-tools (v0.8.8).

What could I have done wrong?

Basically using LDAP and the smbldap-tools (v0.8.8) knowing what they
do, how they do it or having read through *all* the official Samba
documentation and done everything in it. Had you done so (judging that
tens of thousands have got it to work before you) it would work for you.

That having been said (my bounden duty to the Samba team), I have always
contended and still contend that the idealx smbldap-tools (whichever
version whatever) are UTTERLY USELESS to an LDAP pro who already has an
LDAP DSA running with a completely different DIT to which the idealx and
Samba people might decree.

However, the good news is, that whichever sysadmin:

a: first understands LDAP (at least several months experience for any
other use than Samba whatsoever)
b: second has had a concentrated look at Samba 3 utils and daemons;
c: third has a reasonable experience in awk, shell and sed scripting
(each of awk and sed one can teach oneself in a weekend, shell costs one
years, learn it first)

doesn't need the idealx tools.

Not needing the idealx tools means that the sysadmin is free to choose
his own LDAP DIT as he/she has already implemented it (long before
having started with Samba 3). The Samba daemons and utils of all kinds
do not need the idealx tools, they work perfectly without them. They
(the Samba daemons and uitils) were implemented by prophets of the true
way. idealx has to drag itself, groaning, to the heights that these
magnificent tools reached some time ago.

The Samba people don't need teaching, the idealx people need training in
what LDAP is. They seem to be utterly ignorant, as to that extent.

No, John H. T. I have not contacted the idealx people. That would be
useless. There are several thousand others besides me who find idealx's
method perfect, then there's me that doesn't. The difference is, that I
already had my DIT (multiple user bases, multiple group bases and much
more. Samba isn't there for LDAP, LDAP is there for Samba) and had to
make it work with Samba, not the other way around. So I can't use the
"on the fly" Samba scripts, I have to do things by hand. No skin off my
nose.

PGP SIGNED MESSAGE
Hash: SHA1

?

What do you want from me? Do you want to teach me the principles of
admin's work? In this case, feel free to open a new thread!!!

Holger

Tony Earnshaw wrote:
| man, 25.04.2005 kl. 17.48 skrev Holger Wesser:
|
|
|>short question: I try to add a local group via the NT-Usermanager
|>("usrmgr.exe"), but everytime I get a "Access denied". Adding a global
|>group works. I'm logged on as "Administrator". I'm running Samba 3.0.14a
|>on Debian Sarge (testing) with the smbldap-tools (v0.8.8).
|>
|>What could I have done wrong?
|
|
| Basically using LDAP and the smbldap-tools (v0.8.8) knowing what they
| do, how they do it or having read through *all* the official Samba
| documentation and done everything in it. Had you done so (judging that
| tens of thousands have got it to work before you) it would work for you.
|
| That having been said (my bounden duty to the Samba team), I have always
| contended and still contend that the idealx smbldap-tools (whichever
| version whatever) are UTTERLY USELESS to an LDAP pro who already has an
| LDAP DSA running with a completely different DIT to which the idealx and
| Samba people might decree.
|
| However, the good news is, that whichever sysadmin:
|
| a: first understands LDAP (at least several months experience for any
| other use than Samba whatsoever)
| b: second has had a concentrated look at Samba 3 utils and daemons;
| c: third has a reasonable experience in awk, shell and sed scripting
| (each of awk and sed one can teach oneself in a weekend, shell costs one
| years, learn it first)
|
| doesn't need the idealx tools.
|
| Not needing the idealx tools means that the sysadmin is free to choose
| his own LDAP DIT as he/she has already implemented it (long before
| having started with Samba 3). The Samba daemons and utils of all kinds
| do not need the idealx tools, they work perfectly without them. They
| (the Samba daemons and uitils) were implemented by prophets of the true
| way. idealx has to drag itself, groaning, to the heights that these
| magnificent tools reached some time ago.
|
| The Samba people don't need teaching, the idealx people need training in
| what LDAP is. They seem to be utterly ignorant, as to that extent.
|
| No, John H. T. I have not contacted the idealx people. That would be
| useless. There are several thousand others besides me who find idealx's
| method perfect, then there's me that doesn't. The difference is, that I
| already had my DIT (multiple user bases, multiple group bases and much
| more. Samba isn't there for LDAP, LDAP is there for Samba) and had to
| make it work with Samba, not the other way around. So I can't use the
| "on the fly" Samba scripts, I have to do things by hand. No skin off my
| nose.
|
|
|

PGP SIGNATURE
Version: GnuPG v1.2.5 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

GQM+f8IJFAd5THHTqPKw=
=ZlhY
PGP SIGNATURE

short question: I try to add a local group via the NT-Usermanager
("usrmgr.exe"), but everytime I get a "Access denied". Adding a global
group works. I'm logged on as "Administrator". I'm running Samba 3.0.14a
on Debian Sarge (testing) with the smbldap-tools (v0.8.8).

What could I have done wrong?

Well, what have you tried to debug this?

What is the output from running the add group script from the command
line? Do you have other groupmaps working just fine?

PGP SIGNED MESSAGE
Hash: SHA1

Hi Paul,

I tried it on the console and got a:

"/usr/sbin/smbldap-groupadd: unknown group type 4"

Well, I searched through the perl scripts, but sorry- as a
non-programmer I cannot find anything.

I set the log level to "3", but the outputs in the logfile seems to me okay.

Maybe I made errors when using the smbldap-groupadd command:

'smbldap-groupadd -a -g 1038 -t 2 abakus'

Unfortunately, I couldn't find an example how to use the command exactly.

Greetings,
Holger

Paul Gienger wrote:
|
|short question: I try to add a local group via the NT-Usermanager
|("usrmgr.exe"), but everytime I get a "Access denied". Adding a global
|group works. I'm logged on as "Administrator". I'm running Samba 3.0.14a
|on Debian Sarge (testing) with the smbldap-tools (v0.8.8).
|>
|What could I have done wrong?
|
|
| Well, what have you tried to debug this?
| What is the output from running the add group script from the command
| line? Do you have other groupmaps working just fine?
|

PGP SIGNATURE
Version: GnuPG v1.2.5 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

cnRuJLiWGdUbCtouLPgiKWg=
=bR4J
PGP SIGNATURE

PGP SIGNED MESSAGE
Hash: SHA1

Hi folks,

I think, there's something wrong with documentation of the
smbldap-scripts. In the doc is said:

"-t group type:set the NT Group type for the new group. Available values
are 2 (domain group), 4 (local group) and 5 (builtin group). The default
group type is 2."

That's wrong. The parameters are "-t domain", "-t local" or "-t
builtin". There is a mapping function in smbldap_tools.pm at line 903:

"
sub group_type_by_name {
~ my $type_name = shift;
~ my %groupmap = (
'domain' =2,
'local' =4,
'builtin' =5
);
~ return $groupmap{$type_name};
}
"

, that doesn't solve my origin problem, because I still can't create
local groups with the NT-Usermanager.

Greetings,
Holger

Holger Wesser wrote:
| Hi Paul,
|
| I tried it on the console and got a:
|
| "/usr/sbin/smbldap-groupadd: unknown group type 4"
|
| Well, I searched through the perl scripts, but sorry- as a
| non-programmer I cannot find anything.
|
| I set the log level to "3", but the outputs in the logfile seems to me
| okay.
|
| Maybe I made errors when using the smbldap-groupadd command:
|
| 'smbldap-groupadd -a -g 1038 -t 2 abakus'
|
| Unfortunately, I couldn't find an example how to use the command exactly.
|
| Greetings,
| Holger
|
|
| Paul Gienger wrote:
| |
| |short question: I try to add a local group via the NT-Usermanager
| |("usrmgr.exe"), but everytime I get a "Access denied". Adding a global
| |group works. I'm logged on as "Administrator". I'm running Samba
3.0.14a
| |on Debian Sarge (testing) with the smbldap-tools (v0.8.8).
| |>
| |What could I have done wrong?
| |
| |
| | Well, what have you tried to debug this?
| | What is the output from running the add group script from the command
| | line? Do you have other groupmaps working just fine?
| |
|
PGP SIGNATURE
Version: GnuPG v1.2.5 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

2sXWTJ+RHE5Snx/lfeQ=
=Pi6A
PGP SIGNATURE