[Samba] Winbind with samba PDC

Buchan Milne bgmilne at cae.co.za
Mon Oct 28 11:07:00 GMT 2002 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Message: 4
> Date: Fri, 25 Oct 2002 15:51:50 -0300
> From: "cyroreal" <cyroreal at bol.com.br>
> To: "samba" <samba at lists.samba.org>
> To: "samba-nt-domain" <samba-ntdom at lists.samba.org>
> Subject: [Samba] Winbind with samba PDC
>
> Is it possible to use winbind to authenticate my Mandrake
> 9.0 (samba 2.2.6) machine on my windows domain (controled
> by a Mandrake 8.2 (samba 2.2.6) server??? I tryed and the
> users are working fine, but the groups that i use to my
> windows shares are not, where do i set on the samba
> server wich groups are my domain groups, is it possible??

This isn't possible, AFAIK there are issues both with samba's groups
handling (you should notice you can't use domain groups on ACLs on
client machines) and winbind's group support (even against Windows DCs)
in 2.2.x.

It could be possible with samba3, but samba3 is not recommended for
production yet. I have RPMs of samba-3alpha20 that will parallel install
with samba-2.2.x (well, currently built for 9.0, but I can build on 8.2
if necessary).

The problem though (with any samba->winbind solution) is that you won't
have consistent uid's between machines, so you won't be able to use
things like NFS.

The better solution is probably to setup LDAP. This will allow you to
use group permissions on samba servers, and NFS between machines.

You can find a tutorial for setting up LDAP on Mandrake at
http://www.mandrakesecure.net

You can then also setup samba to store it's passwords in LDAP, and there
are LDAP-enabled RPMs of samba-2.2.6 at
http://ranger.dnsalias.com/mandrake/samba (soon to be on ftp.samba.org).

Shout if you want some pointers on setting up samba for LDAP on
Mandrake, most work is done for you, you can take a look at the
/etc/samba/smbldap_conf.pm (I think) and the import script in
/usr/share/samba/scripts. Also be sure to look at the new configuration
options in the default smb.conf (will be installed as smb.conf.rpmnew).

Regards,
Buchan

P.S. The samba-ntdom list doesn't exist any more.

- --
|----------------Registered Linux User #182071-----------------|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work            +27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering         http://www.cae.co.za
GPG Key                   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE9vRrVrJK6UGDSBKcRAhpxAJ93HCNg9VxZiJW0dYMtpF3MVrOuQQCfQzBc
z9NYHgBHbZxCA7bDHeTkyo4=
=m1MX
-----END PGP SIGNATURE-----

More information about the samba mailing list