[Samba] samba3: domain member server: user mapping problem (ldap)

Jelmer Vernooij jelmer at vernstok.nl
Tue Sep 30 10:40:55 GMT 2003


On Tue, 2003-09-30 at 12:27, Gunther Schlegel wrote:
> > You should set 'security = domain' (that way, the user and group lists
> > are retrieved from the PDC), no 'passdb backend'. Though 'idmap backend'
> > should be set (SID-to-UID and SID-to-GID mappings can't be retrieved
> > from the PDC).
> 
> This is in fact the first configuration I tried because it seemed to be
> the "natural" solution. 
> 
> I still have some questions and hope you can help me again:
> 
> a) I had to use winbind to get any use of the passdb backend setting.
> However, in contrast to the HowTo Collection §10.2.3 / Example table
> 10.1 the line in smb.conf had to be 
> 
> idmap backend  = ldap:ldap://leibniz.rsidus.riege.de, and not
>                  ^^^^
> 
> idmap backend  = ldapsam:ldap://leibniz.rsidus.riege.de
>                  ^^^^^^^ 
Thanks, I fixed it in the documentation.

> b) am I supposed to use winbind at all? I am already using pam_ldap and
> nss_ldap on the server. The winbind settings are:
> 
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> winbind trusted domains only = yes
> 
> The UIDs/GIDs actually used in LDAP are in between 600 and 3000.
I figure idmap is not working correctly (or it's supposed to work
differently than the last time I looked at it..)

> c) net groupmap still does not list anything.
'net groupmap list' does not give any output _at all_ ?

> d) In Windows the system still shows the rights as [member
> server]\username instead of DOMAIN\username.
>
> e) do I have to adjust the member server's SID? It created its own one
> and it is different from the domain's SID.
Have you joined the domain correctly? Each workstation also has its own
SID, so that shouldn't be a problem.

--
Jelmer Vernooij  - http://jelmer.vernstok.nl/