idmap in 'security = samba-controlled domain' with nss_ldap

Gerald (Jerry) Carter jerry at samba.org
Tue Dec 16 15:07:48 GMT 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gerald (Jerry) Carter wrote:

| I've already fixed this in 3.0.1 (a month oago I think).
| Run winbindd on the domain member and set
|
|     winbind trusted domains only = yes
|
| This causes winbindd to resolve SID's against local
| accounts.  You just better make sure that every account
| in your domain has a local unix account.

As background, the original patch was done to get acls
working with nss_ldap against AD using SFU.  But it will
also work against NIS.





cheers, jerry
~ ----------------------------------------------------------------------
~ Hewlett-Packard            ------------------------- http://www.hp.com
~ SAMBA Team                 ---------------------- http://www.samba.org
~ GnuPG Key                  ---- http://www.plainjoe.org/gpg_public.asc
~ "If we're adding to the noise, turn off this song" --Switchfoot (2003)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/3x/EIR7qMdg1EfYRAhhcAKDp+xxOvbcb2xjySQn83FqmM5x9fgCgkVlJ
txjnUUkJsUk0dgBI3I7h+xo=
=6G06
-----END PGP SIGNATURE-----



More information about the samba-technical mailing list