[Samba] sid_to_uid: Domain controller lookup missing
Christopher Odenbach
odenbach at hni.uni-paderborn.de
Mon Sep 16 12:03:01 GMT 2002
Hi,
> > Please make things clearer to me. :-)
>
> In samba-2.2.x there is no way for ACLs to work on a server that does
> not have the SID matching the domain, and winbind supposedly can't
Oh dear.
> (except with older vversions of samba-2.2.x on the DC) use a samba
> server. This means:
>
> 1)Make all your samba servers that need ACLs domain controllers. This
> can be done with ldap as passdb backend (haven't tested, but it
> should work I think)
We do not have ldap yet, so this will not work for us.
> 2)Only use ACLs on the DC
> 3)Use samba_head on the DC
As I already mentioned the Domain Controller is an NT4 PDC, not a samba
server. So these two are no possible options for me either.
> If winbind is actually working, but the only problem is that the
> username it gets doesn't match the local username, then you should
> try 'winbind use default domain = yes' in your smb.conf on all the
> machines running winbind, so that winbind will look up axel, instead
> of HNIRB\axel.
I have just tried - does not do anything else.
> If I were you (and we're going to be doing this soon), I would choose
> (a).
You are going to be me? That sounds funny...
So (a) is 1)? ldap? That would be quite a huge change to our network,
so it can't be done in a few days.
I think I'll try to hack the sources... :-)
Christopher
More information about the samba
mailing list