On Fri, 2005-11-18 at 19:10 +0000, Tony Austin wrote:
> >> Nov 18 12:33:18 localhost slapd: conn=39 op=1 SEARCH RESULT
> >> tag=101
> >> err=32 nentries=0 text=
> >> Nov 18 12:33:18 localhost slapd: conn=39 fd=17 closed
> >> So the problem now seems to be that I am not able to get
> >> objectclass=posixGroup items returned.
> >> I'm not sure what to do now.
> > ----
> > err=32 means 'no such object' which probably comes as no surprise.
> > You now have to look for consistency as objectclass=posixGroup doesn't
> > cut it for Samba.
> I don't quite understand what you are saying here.
> root#getent group
> is looking for posixGroups, this may not be what Samba wants, but I still
> don't understand why it does not return them.
actually, I think it will return anything that is listed for group
attribute in /etc/ldap.conf - whether it has posixGroup or not - I'm not
really sure but I think that is the case. All of my entries are at least
posixGroup so I don't know.
> Maybe you are also saying that getent should be looking for sambaGroup and
> not posixGroup?
> > was your group configuration correct when you ran smbldap-populate? This
> > would likely account for this issue.
> > According to your initial email...
> > nss_base_group ou=Groups,dc=phoenixinteriorsltd,dc=com?one
> > so did the configuration for groups in smbldap-tools have that properly
> > set?
> > slapcat |grep sambaGroup
> > Craig
> root#slapcat|grep sambaGroup
> returns a bunch of:-
> objectClass: sambaGroupMapping
> sambaGroupType: 2
yeah - that sounds good to me.
the following works for me (adjust your -b (base) and -D
(authentication) as necessary...
[root@srv1 config]# ldapsearch -x -h localhost \
-D 'cn=root,dc=azapple,dc=com' \
-b 'ou=Groups,dc=azapple,dc=com' -W '(cn=*)'
I get a complete listing of the groups and I can see if they have
sambaGroupMapping and posixGroup objectclass or not.
this was interesting also...
# slapcat |grep Groups
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
To unsubscribe from this list go to the following URL and read the