samba@lists.samba.org
[Top] [All Lists]
<prev [Date] next>
<prev [Thread] next>

[Samba] Re: Authenticateing DC's on an ldap backend... nobody knows how?

from [Jim C.]
Subject: [Samba] Re: Authenticateing DC's on an ldap backend... nobody knows how?
From: "Jim C."
Date: Wed, 29 Sep 2004 20:52:00 -0700
Can you reccomend appropriate log levels for slapd/smbd? I've always 
...

statement like:
access to dn.subtree="dc=j9starr,dc=net"
    by group="cnReplicator,ou=Group,dc=j9starr,dc=net"
    by * read
doesn't work, adding regexp to it won't help to resolve this problem. Did you check that it works without group with a simple 'by dn='? Ok, sorry... I've got in a lecture mood. It's just too confusing to see what exactly you do and what kind of problems you encounter.
Actually, I think I am on to something. Putting the ACL's under a microscope lead to the revelation of some differences in group structure from what I am using and those previously reccomended by Buchan Milne. 

Mine:


[root@enigma 0 root]$ smbldap-groupshow 'Domain Controllers'
dn: cn=Domain Controllers,ou=Group,dc=j9starr,dc=net
objectClass: posixGroup,sambaGroupMapping
cn: Domain Controllers
sambaGroupType: 2
sambaSID: S-1-5-21-2147030705-2499090161-3119200592-516
gidNumber: 516
displayName: Domain Controllers
memberUid: cn=enigma,ou=Hosts,dc=j9starr,dc=net


His:


dn: cn=Domain
Controllers,ou=Group,dc=ranger,dc=dnsalias,dc=com
objectClass: groupOfNames
objectClass: top
cn: Domain Controllers
member:
cn=kiowa.ranger.dnsalias.com,ou=Hosts,dc=ranger,dc=dnsalias,dc=com
member:
cn=comanche.ranger.dnsalias.com,ou=Hosts,dc=ranger,dc=dnsalias,dc=com
Now I don't know how slapd deals with groups but if it specifically needs groupOfNames, then I may have a problem. I'll see if I can manipulate the structure to include groupOfNames. Who knows, I might be able to do it without redunancy. 


Jim C.
--
-----------------------------------------------------------------
| I can be reached on the following Instant Messenger services: |
|---------------------------------------------------------------|
| MSN: j_c_llings@xxxxxxxxxxx  AIM: WyteLi0n  ICQ: 123291844    |
|---------------------------------------------------------------|
| Y!: j_c_llings               Jabber: jcllings@xxxxxxxxxxxxx   |
-----------------------------------------------------------------

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Samba] 3.0.7 CUPS Conflict?, L. Mark Stone
Next by Date:  [Samba] Re: Authenticateing DC's on an ldap backend... nobody knows how?, Igor Belyi
Previous by Thread:  [Samba] Re: Authenticateing DC's on an ldap backend... nobody knows how?, Igor Belyi
Next by Thread:  [Samba] Re: Authenticateing DC's on an ldap backend... nobody knows how?, Igor Belyi
Indexes:  [Date] [Thread] [Top] [All Lists]