Winbind - functionality
Andrew Bartlett
abartlet at samba.org
Tue Jul 21 16:20:09 MDT 2009
On Tue, 2009-07-21 at 14:21 -0500, MICHAEL BROWN wrote:
> Hello Mr. Bartlett,
> this does indeed allow import of uid/gid information into SAMBA 4 AD backend using non "msSFU" attributes. Using
> the normal POSIX uid/gid LDAP attributes works great. I can join SAMBA 3.4 to SAMBA 4 just fine. The problem I am having
> with SAMBA 3.4 is that SAMBA is not recognizing the groups defined within the share areas within the smb.conf file.
> However, the user is pulled from the AD backend just fine (if the shares are configured with no groups). Meaning,
> within the smb.conf file, I typically set group access to shares defined as:
>
> [myshare]
> valid users = @Mygroup, @ThisGroup
>
> To explain, I don't want to use Winbind at all.
> I have everything configured with nss-ldap within the nsswitch.conf file.
> Also, I have modified my ldap.conf file to pull this information from SAMBA 4's AD backend using the correct attributes
> defined within the Win2008 schema and the groups and users are picked up just like my OpenLDAP backend perfectly.
> Meaning, getent group and shadow pull just like the OpenLDAP backend calls. I can't point smb.conf to AD via an
> LDAP call because it is wanting SAMBA attributes that are not within the Windows 2008 schema.
> Is there any way I can get SAMBA 3 to recognize the AD groups (just like it does the users) with nss-ldap?
I strongly recommend you use winbindd. This is the Samba Team's
supported client for AD servers.
If the problem was so easy that a simple nss_ldap invocation handled it
properly, we would not have 'wasted' so much time on winbind. It was
developed for a very real reason.
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.