[Samba] Winbind + NIS + winbind trusted domains

Christoph Scheeder christoph.scheeder at scheeder.de
Wed Dec 15 10:36:38 GMT 2004


Hi,
that behavior is logically correct, I would say.
What happens is:
The user is found from NIS, and gets a userid not from the winbind range.
As a result Samba is not able to verify this uid against the AD, as it 
is not an AD user ID.
I guess to achieve what you want you would have to add the NIS users to 
the local smbpasswd database with the correct username and password and 
tell Samba to look up users first in the local database and then in AD.
But I don't know if this is possible, I never tried it.

Question to the developers:

If the AD mode is implemented as a normal TDB backend I guess it would
work, but I think this is a little bit of a different beast, isn't it?
Wouldn't it be a nifty feature for future versions of Samba, giving it
much more flexibility?
Christoph

Plant, Dean wrote:
> Hello list,
> 
> I need to set up a samba file server with user access from a Windows AD
> domain and a separate Solaris NIS domain. All of our users have an account
> on the AD domain but only some of our users have a Unix account. I would
> like Windows users that have a Unix account to have files written as per
> their Unix uid and users that do not have an account to have a uid assigned
> from winbind. 
> 
> I had thought of using winbind with
> 
> winbind trusted domains only = yes 
> 
> with the nsswitch.conf file listing 
> 
> passwd:     files winbind nis
> shadow:     files winbind nis
> group:      files winbind nis
> 
> which I thought would match known user names to NIS IDs and unknown user
> names to winbind uids. This does not work as I expected as all users are
> given winbind uids.
> 
> If I change nsswitch.conf to 
> 
> passwd:     files nis winbind
> shadow:     files nis winbind
> group:      files nis winbind
> 
> Users that have Unix accounts are given the NIS uid but users without a Unix
> account are asked for a username/password when connecting to Samba.
> 
> Can anyone confirm that what I am trying to do is possible and if so any
> ideas what I have missed?
> 
> I am testing with 3.0.9 on FC3
> 
> My smb.conf below
> 
> [global]
> 
> workgroup = AD
> server string = Samba
> printcap name = /etc/printcap
> load printers = yes
> cups options = raw
> log file = /var/log/samba/%m.log
> max log size = 50
> security = ads
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> name resolve order = wins bcast
> wins server = 192.168.2.19
> dns proxy = no
> idmap uid = 16777216-33554431
> idmap gid = 16777216-33554431
> template shell = /bin/false
> password server = *
> realm = AD.MYDOMAIN.CO.UK
> winbind trusted domains only = yes
> winbind use default domain = no
> 
> Thanks in advance
> 
> Dean Plant
> 
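
An added example, not part of either message: a small check for the symptom discussed in this thread, namely which accounts resolve to a uid inside the winbind `idmap uid` range and which get their uid from another NSS source. The smb.conf excerpt is taken from the quoted configuration; the passwd lines, account names and the helper names `idmap_range` and `classify` are constructed for illustration.

```python
import re

# Relevant lines of the smb.conf quoted in the thread.
SMB_CONF = """\
[global]
security = ads
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
winbind trusted domains only = yes
"""

# Constructed `getent passwd`-style output; names and uids are made up.
PASSWD_LINES = """\
alice:x:1042:100:Alice (Unix account):/home/alice:/bin/sh
AD\\bob:x:16777217:16777216:Bob (AD only):/home/AD/bob:/bin/false
"""

def idmap_range(conf_text, param="idmap uid"):
    """Return (low, high) from an 'idmap uid' or 'idmap gid' line."""
    # smb.conf parameter names ignore case and internal whitespace.
    wanted = param.replace(" ", "").lower()
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key.replace(" ", "").lower() == wanted:
            m = re.fullmatch(r"\s*(\d+)\s*-\s*(\d+)\s*", value)
            if m is None:
                raise ValueError(f"unparsable range: {value!r}")
            return int(m.group(1)), int(m.group(2))
    raise KeyError(param)

def classify(passwd_text, uid_range):
    """Map each account to 'winbind' if its uid is inside the idmap range."""
    low, high = uid_range
    result = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) < 7:
            continue  # not a passwd-format line
        uid = int(fields[2])
        # Assumption: any uid outside the range came from files or NIS.
        result[fields[0]] = "winbind" if low <= uid <= high else "files/nis"
    return result

if __name__ == "__main__":
    for name, source in classify(PASSWD_LINES, idmap_range(SMB_CONF)).items():
        print(f"{name}: {source}")
```

On a live host, feed the function the real output of `getent passwd` and the contents of the server's smb.conf instead of the embedded samples.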