[Samba] samba3: domain member server: user mapping problem (ldap)

Gunther Schlegel schlegel at riege.com
Tue Sep 30 10:27:18 GMT 2003


Hi Jelmer,

Thanks for your message.

> You should set 'security = domain' (that way, the user and group lists
> are retrieved from the PDC), no 'passdb backend'. Though 'idmap backend'
> should be set (SID-to-UID and SID-to-GID mappings can't be retrieved
> from the PDC).

This is in fact the first configuration I tried because it seemed to be
the "natural" solution. 

I still have some questions and hope you can help me again:

a) I had to use winbind to get any use of the passdb backend setting.
However, in contrast to the HowTo Collection §10.2.3 / Example table
10.1, the line in smb.conf had to be 

idmap backend  = ldap:ldap://leibniz.rsidus.riege.de, and not
                 ^^^^

idmap backend  = ldapsam:ldap://leibniz.rsidus.riege.de
                 ^^^^^^^ 

b) Am I supposed to use winbind at all? I am already using pam_ldap and
nss_ldap on the server. The winbind settings are:

idmap uid = 10000-20000
idmap gid = 10000-20000
winbind trusted domains only = yes

The UIDs/GIDs actually used in LDAP are between 600 and 3000.

c) net groupmap still does not list anything.

d) In Windows the system still shows the rights as [member
server]\username instead of DOMAIN\username. 

e) Do I have to adjust the member server's SID? It created its own one
and it is different from the domain's SID. 

regards, Gunther

-- 
Gunther Schlegel                    Riege Software International GmbH
Manager System Administration                            Mollsfeld 10
                                             40670 Meerbusch, Germany
Email: schlegel at riege.de                      Phone: +49-2159-9148-0
                                              Fax:   +49-2159-9148-11
---------------------------------------------------------------------

Disclaimer:
You may grab my GPG key from http://www.keyserver.net .
A nonproportional font is recommended for reading.