[Samba] Samba3 PDC + LDAP + winbindd?

Jake Dalton jakedalt at hotmail.com
Wed Oct 8 14:15:51 GMT 2003


Hi,

I'm trying to set up a single sign-on system across both Linux and Windows
with a Samba3 PDC and OpenLDAP backend.  I've been trying to follow the
documentation included with Samba3 but I don't seem to be having much
success.

So I have a few questions.

#1:  What services are necessary for this to work?  I know smbd, nmbd and
slapd are for sure required.  But I can't figure out whether winbindd should
be running with this system or not.  As far as I understand, it is.  It will
provide the ability for domain users to log into Linux systems with their
domain credentials.

#2:  How do the idmap mappings get created?  I have the ldap idmap suffix
option set to a valid location but I've never seen any entries get put in
there.

#3:  What constitutes a domain group in ldapsam?  From what I can tell, the
sambaGroupMapping object class indicates a domain group.  But every domain
group needs to map to a posixGroup objectclass entry.  So if every domain
group has a one-to-one mapping to a group gid, why is there a need for
winbindd to generate mappings for domain groups?

#4:  Is there an easy way to test the smbd+slapd configuration?  I want to
make sure that those two are configured and working correctly before I start
expanding the configuration to adding other machines to the domain.

#5:  When I run wbinfo -u or wbinfo -g both return with "Error looking up
domain [users|groups]" but if I tried wbinfo -n <testuser> I actually get a
SID back.  What could cause this?

Any help would be appreciated.  If someone has a Samba3 PDC + OpenLDAP system
set up, a dump in ldif format (with sensitive info removed) of the ldap
directory would be a great help, as well as sample smb.conf files or any other
suggestions.

Thanks.

Jake



