[Samba] idmap + ldap + nsswitch +winbindd

Matt Pusateri mpusateri at ims-tpa.com
Fri Nov 7 04:16:31 GMT 2003 

Ok, this helps but I am still confused.  I have FreeBSD 4.8 installed with Openldap 2.1 and Samba 3.0.0   LDAP is working via PAM_LDAP for Unix logins and I can browse and connect from a Windows 98 machine to the samba server and get authenticated via the LDAP server.  I wanted to get the groupmap working because I want to connect a W2K server to the domain and also some W2K Pro clients.  So my confusion is on the Winbindd/Group Mapping.  I don't have the config files in front of me but I can post them tomorrow.  Anyhow I have passwd backend set to the ldap server, when I do this I get nothing from the "net groupmap list" command.  When I set the passwd backend to tdbsam I get a listing of NT group sids.  I have idmap backend set to the the LDAP server which I realize now won't work on FreeBSD 4.8 because of lack of nsswitch support.  I commented out the idmap backends in smb.conf with the same results.

How should I configure the groupmap database in smb.conf?

If the groupmaps are stored locally and I want to put a BDC on the net, then I will have to sync the groupmap databases manually since I can't store them in LDAP - Correct?

Should enable some debug logging? if so what? 

Sorry for so many questions I have read the HowTo's, but it seems that if you are using tdbsam , everything just kind of works.  But it is not real clear how to configure groupmaps when using LDAP or LDAP for Users and Local for group maps.

Thank You,

Matt

>>> "Gerald (Jerry) Carter" <jerry at samba.org> 11/06/03 06:08PM >>>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Matt Pusateri wrote:
| Hello,
|
| I have a couple of questions regarding group mapping.
| I am working on configuring Samba 3.0.0 on FreeBSD with
| LDAP support.
|
| 1. Am I correct in that winbindd needs nsswitch to work?
| If so I would need to run FreeBSD 5.1 and not FreeBSD
| 4.x so that I had NSSwitch support.

The general answer is yes.

| 3. If I don't need NSSwitch for Domain group
| functionality. Do I need to store groupmaps in
| LDAP or can I store users in LDAP and groupmaps
| in the winbindd_idmap.tdb?

group mappings can be stored locall in
group_mapping.tdb.  Winbindd is not
required for Samba 3's group mapping feature.



cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org 

iD8DBQE/qtSHIR7qMdg1EfYRAkrDAJ0dQqAow6rkxfr9N/lMYHCbeOxykgCePfb/
+lc00+HYmZUIZ+0nPMwaYCg=
=ypx2
-----END PGP SIGNATURE-----

More information about the samba mailing list