[Samba] Winbind + NIS + winbind trusted domains

Plant, Dean dean.plant at roke.co.uk
Wed Dec 15 10:14:12 GMT 2004

Hello list,

I need to set up a Samba file server with user access from a Windows AD
domain and a separate Solaris NIS domain. All of our users have an account
on the AD domain but only some of our users have a Unix account. I would
like Windows users that have a Unix account to have files written as per
their Unix uid and users that do not have an account to have a uid assigned
from winbind. 

I had thought of using winbind with

winbind trusted domains only = yes 

with the nsswitch.conf file listing 

passwd:     files winbind nis
shadow:     files winbind nis
group:      files winbind nis

which I thought would match known user names to NIS IDs and unknown user
names to winbind uids. This does not work as I expected, as all users are
given winbind uids.

If I change nsswitch.conf to 

passwd:     files nis winbind
shadow:     files nis winbind
group:      files nis winbind

Users that have Unix accounts are given the NIS uid but users without a Unix
account are asked for a username/password when connecting to Samba.

Can anyone confirm that what I am trying to do is possible and, if so, any
ideas what I have missed?

I am testing with 3.0.9 on FC3

My smb.conf below


workgroup = AD
server string = Samba
printcap name = /etc/printcap
load printers = yes
cups options = raw
log file = /var/log/samba/%m.log
max log size = 50
security = ads
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
name resolve order = wins bcast
wins server =
dns proxy = no
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/false
password server = *
winbind trusted domains only = yes
winbind use default domain = no

Thanks in advance

Dean Plant
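
Added example, not part of the original post or of Samba: a small Python model of the NSS first-match rule applied to the two `passwd:` orderings quoted above, showing which source supplies each user's uid. The user names, uids and the assumption that winbind answers for every AD user are constructed for illustration; Samba's `winbind trusted domains only` handling is not modelled.

```python
import re

# Constructed sample tables: user names and uids are illustrative, not from the post.
SOURCES = {
    "files": {"root": 0},
    "nis": {"alice": 1001},                           # only some users have a Unix account
    "winbind": {"alice": 16777216, "bob": 16777217},  # every AD user, uids in the idmap range
}
# glibc defaults: stop at the first source that succeeds, otherwise try the next one.
# Only the "return" and "continue" actions are modelled here.
DEFAULTS = {"success": "return", "notfound": "continue",
            "unavail": "continue", "tryagain": "continue"}


def parse_line(line):
    """Turn 'passwd: files nis [NOTFOUND=return] winbind' into (db, [(source, actions)])."""
    db, _, rest = line.partition(":")
    chain = []
    for tok in re.findall(r"\[[^\]]*\]|\S+", rest):
        if tok.startswith("["):
            if not chain:
                raise ValueError("action list before any source")
            for item in tok[1:-1].split():
                status, _, action = item.lower().partition("=")
                if status not in DEFAULTS or action not in ("return", "continue"):
                    raise ValueError(f"bad action item: {item}")
                chain[-1][1][status] = action
        else:
            chain.append((tok, dict(DEFAULTS)))
    return db.strip(), chain


def lookup(name, line, down=()):
    """Return (source, uid) for the entry NSS would hand back, or None."""
    _, chain = parse_line(line)
    for source, actions in chain:
        table = SOURCES.get(source)
        if table is None or source in down:
            status, hit = "unavail", None
        elif name in table:
            status, hit = "success", (source, table[name])
        else:
            status, hit = "notfound", None
        if actions[status] == "return":
            return hit
    return None


if __name__ == "__main__":
    for line in ("passwd: files winbind nis", "passwd: files nis winbind"):
        print(line, {u: lookup(u, line) for u in ("alice", "bob")})
```

On a live host, `getent passwd <name>` shows the entry the configured order actually returns for a given user.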

