[Samba] ldapsearch and getent passd/group with nss winbind differs
Gerald (Jerry) Carter
jerry at samba.org
Tue Aug 19 20:01:34 GMT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Andreas Ladanyi wrote:
> Hi,
>
> after deleting winbindd_idmap and winbindd_cache.tdb files:
>
> For security =domain AND security=ADS !
>
> wbinfo -u /-g /-t are ok !
>
> getent passwd is ok.
>
> getent group shows different group memberships as ldapsearch with filter
> "msSFU30PosixMemberOf".
Winbind honors the Windows group membership and not
necessarily "msSFU30PosixMemberOf" attributes.
>
> smb.conf - winbind:
>
> winbind separator = /
> winbind enum users = yes
> winbind enum groups = yes
> winbind cache time = 60
> idmap backend = ad
> idmap uid = 6000-27000
> idmap gid = 600-7000
> template shell = /bin/bash
> template homedir = /home/%u
> winbind use default domain = yes
> winbind refresh tickets = yes
> winbind nss info = template sfu
>
> Any ideas ?
>
> Andy
>
- --
=====================================================================
Samba ------- http://www.samba.org
Likewise Software --------- http://www.likewisesoftware.com
"What man is a man who does not make the world better?" --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFIqyaeIR7qMdg1EfYRAgZWAKDRsC9qFFIIlIYZTgcrrt/+eZNiBQCcDNHE
lxx+F3++8Y8maDRIxl3Xny8=
=xmUQ
-----END PGP SIGNATURE-----
More information about the samba
mailing list