[Samba] NT4 Domain PDC with Ldap backend and domain members

ERIC PEYREMORTE eric.peyremorte at univ-grenoble-alpes.fr
Tue Jul 7 12:16:28 UTC 2020

Sorry, I said samba 3, meaning samba not AD but an NT4-style domain, as I use samba 4.2 on this machine.

It's a shame I can't use openldap user information on the domain member, as the mappings are already done there.

Using passdb backend = ldapsam:ldap:// works, but I need to hack the SID in sambaDomainName to match the domain SID (meaning my member
SID for the local machine matches the SID for the domain using net getdomainsid on the client).


From: "sambalist" <samba at lists.samba.org>
To: "sambalist" <samba at lists.samba.org>
Sent: Tuesday 7 July 2020 13:11:23
Subject: Re: [Samba] NT4 Domain PDC with Ldap backend and domain members

On 07/07/2020 11:39, ERIC PEYREMORTE wrote: 
> Hi, thanks for your answer. 
> We are migrating to AD, but the legacy domain will stay for a few
> months. I still use samba 4.2 (before upgrading every file server).
4.2 is EOL, but I think you know that ;-) 
> I don't understand how winbind will be used. I don't need an ou=Idmap 
> as user entry in uid=login already contains the association between 
> uid and sambaSID in the openldap passdb backend (on the DC). 
OK, your PDC needs to know who your users and groups are, but, like an 
AD DC, you shouldn't use the PDC as a fileserver. 
> I just need the domain member to use that information, it seems that 
> winbind is unable to do that: it's going to make its own uid <> sid
> mapping and store it in ldap ou=idmap.

It doesn't actually, I created a test NT4-style domain last week, to 
remind me how they worked, you create the users and groups on the PDC, 
joining a computer creates a computer object in ldap on the PDC. 
However, your users and groups get IDs from winbind based on the range
you set in the client's smb.conf
> Maybe it's not possible to correctly use a domain member with a samba 3
> + openldap pdc? I didn't find any winbind doc covering that case...

By 'samba 3' do you mean Samba version 3.x.x and if so, what version, or
do you mean an NT4-style domain?

