I followed the document until I get the following error:
#/opt/fedora-ds/slapd-miapogo/ldif2ldap "cn=Directory Manager" fds80000
/tmp/sambaGroups.ldif
This command returns:
adding new entry cn=Domain Admins,ou=Groups,dc=sefsc,dc=noaa,dc=gov
adding new entry cn=Domain Users,ou=Groups,dc=sefsc,dc=noaa,dc=gov
adding new entry cn=Domain Guests,ou=Groups,dc=sefsc,dc=noaa,dc=gov
adding new entry cn=Domain
Computers,ou=Groups,dc=sefsc,dc=noaa,dc=gov
I then run the following command:
# net groupmap add rid=512 ntgroup='Domain Admins' unixgroup='Domain
Admins'
This command returns:
[2005/08/19 09:48:37, 0]
passdb/pdb_ldap.c:ldapsam_add_group_mapping_entry(2330)
ldapsam_add_group_mapping_entry: failed to add group 2512 error:
Insufficient 'write' privilege to teh 'sambaSID' attribute of
entry 'cn=domain admins,ou=groups,dc=sefsc,dc=noaa,dc=gov'.
(Insufficient access)
adding entry for group Domain Admins failed!
I am a novice on this subject and have no idea how to fix it. Please
help!
Tom Tran
----- Original Message -----
From: <Tom.Tran(a)noaa.gov>
Date: Wednesday, August 17, 2005 3:15 pm
Subject: Samba - Fedora-ds Integration (HOWTO:SAMBA)
Hi,
I have problems with following the instruction in the HOWTO:SAMBA
document. I have RedHat 4.1.18, samba-3.0.10, and
fedora-ds-7.1-2.RHEL4. I don't have ldap or openldap installed
because
I am using fedora-ds
instead. I tested samba and fedora-ds, both seemed to work fine.
I
also made sure that samba's daemons
(smbd, nmbd, winbindd), and fedora-ds were started
I followed the steps in the HOWTO:SAMBA doc, when I reached the
step "Populating FDS with PDC
Entry" and ran the command:
# net getlocalsid
I got the message:
lib/smbldap.c:smbldap_search_domain_info(1392)
Adding domain info to SEFSC failed with NT_STATUS_UNSUCCESSFUL
SID for domain MIAPOGO is : S-1-5-21-2139381707-154793685-
3088283579
Here is my /etc/samba/smb.conf
------------------------------
# Global parameters
[global]
workgroup = SEFSC
netbios name = MIAPOGO
server string = Samba %u on (%L)
log file = /var/log/samba/%m.log
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = /etc/printcap
dns proxy = No
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
cups options = raw
security = user
passdb backend =
ldapsam:ldap://miapogo.sefsc.noaa.gov
ldap suffix = dc=sefsc,dc=noaa,dc=gov
ldap user suffix = ou=People
ldap machine suffix = ou=Computers
ldap group suffix = ou=Groups
os level = 33
domain logons = yes
domain master = yes
local master = yes
preferred master = yes
wins support = yes
logon home = \\%L\%u\profiles
logon path = \\%L\profiles\%u
logon drive = H:
template shell = /bin/false
winbind use default domain = yes
[netlogon]
path = /var/lib/samba/netlogon
read only = yes
browseable = no
[profiles]
path = /var/lib/samba/profiles
read only = no
create mask = 0600
directory mask = 0700
[homes]
comment = Home Directories
read only = No
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
--------------------------
Tom Tran