[Samba] Samba 3 as PDC with LDAP as passwd backend

gary ng garyng2000 at yahoo.com
Thu Sep 18 09:35:55 GMT 2003


People said one minor difference in smb.conf can
result in a completely different result, and now I
believe it. The reason that it is wrong is that I
don't have 'domain logons = yes', which continues to
make Samba think it is a standalone server, not a
PDC/BDC. After that entry, things are getting better.
The LDAP entries are correct, and wbinfo -u gives me:

EXAMPLE\testing

which is the user I created.

However, 'net getlocalsid' and 'net getlocalsid
example' still both give me the same result:

woody:/etc/samba# net getlocalsid
SID for domain WOODY is:
S-1-5-21-3032950689-949544758-3596382992
woody:/etc/samba# net getlocalsid example
SID for domain example is:
S-1-5-21-3032950689-949544758-3596382992
woody:/etc/samba#

Don't know if it should be the case.

As for the UNIX uid/gid mapping, I am wondering if it
is possible to just use the same sambaSamAccount (and
add the posixAccount objectClass) and add the uid/gid
mapping for Unix there. I have my libnss_ldap set up
properly already (that is, I don't need any local entry
in the passwd or group file) but I don't quite understand
how Samba works yet.

--- jean-marc pouchoulon
<jean-marc.pouchoulon at ac-montpellier.fr> wrote:
> 
> >net getlocalsid gives :
> >SID for domain WOODY is:
> >S-1-5-21-3032950689-949544758-3596382992
> 
> What is the answer of the "net getlocalsid YOURDOMAINNAME"
> command? This is the sid of the domain.
> It seems that domain name sid and local name sid can/must? be
> the same on the PDC. I learnt that two machines on the same
> network can't have the same sid, so on the PDC sid of the
> domain and sid of the server must be different. (If I am
> wrong, tell it to me please.)
> 
> >BTW, is it true that if I use 'pdbedit + the LDAP
> >backend', I don't need smbpasswd for account
> >management(and I don't need to create local unix
> >accounts?) and probably that I don't even need pdbedit
> >other than the initial setup as I can use the NT
> >frontend ?
> 
> You may have your user on an LDAP directory (with nss-ldap)
> or in /etc/passwd but the users must be present elsewhere.
> (I remembered in a mail something like "getuid must resolve"
> for samba.)
> 
> 	Jean-Marc
> 
