[Samba] Samba3 PDC + LDAP + winbindd?
jakedalt at hotmail.com
Wed Oct 8 14:15:51 GMT 2003
I'm trying to set up a single sign-on system across both linux and windows
with a Samba3 PDC and OpenLDAP backend. I've been trying to follow the
documentation included with Samba3 but I don't seem to be having much
So I have few questions.
#1: What services are necessary for this to work? I know smbd, nmbd and
slapd are for sure required. But I can't figure out whether winbindd should
be running with this system or not. As far as I understand, it is. It will
provide the ability for domain users to log into linux systems with their
#2: How do the idmap mappings get created? I have the ldap idmap suffix
option set to a valid location but I've never seen any entries get put in
#3: What constitutes a domain group in ldapsam? From what I can tell, the
sambaGroupMapping object class indicates a domain group. But every domain
group needs to map to a posixGroup objectclass entry. So if every domain
group has a one-to-one mapping to a group gid, why is there a need for
winbindd to generate mappings for domain groups?
#4: Is there an easy way to test the smbd+slapd configuration? I want to
make sure that those two are configured and working correctly before I start
expanding the configuration to adding other machines to the domain.
#5: When I run wbinfo -u or wbinfo -g both return with "Error looking up
domain [users|groups]" but if I tried wbinfo -n <testuser> I actually get a
SID back. What could cause this?
Any help would be appreciated. If someone has samba3 PDC + OpenLDAP system
set up, a dump in ldif format (with sensitive info removed) of the ldap
directory would be a great help, as well as sample smb.conf's or any other
More information about the samba