[Samba] How do I get Winbind accounts in LDAP?
Kent L. Nasveschuk
kent at wareham.k12.ma.us
Sat Jan 3 23:12:13 GMT 2004
I've seen this posting before but I need to get a grasp on this. I am
using winbindd for users that don't have a local account on a Linux box.
I thought that placing the entries below in the smb.conf would create
users in ou=Idmap. Instead the ou=Idmap increments the uidNumber with
every user that is added, but the user ID mappings are stored in
/usr/local/var/locks/winbindd_idmap.tdb. What entry in smb.conf will
change this? These are the applicable portions of smb.conf.

ldap suffix = dc=tow,dc=net
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap admin dn = cn=admin,dc=tow,dc=net
ldap ssl = no
idmap backend = ldap:ldap://127.0.0.1
ldap idmap suffix = ou=Idmap
winbind separator = +
idmap uid = 40000-50000
idmap gid = 40000-50000
winbind enum users = yes
winbind enum groups = yes
template homedir = /accounts/default/%D/%U
template shell = /bin/bash
winbind use default domain = yes
winbind cache time = 15
obey pam restrictions = yes

So I use wbinfo -c <username>. This returns a RID number. The user can now
log in or use smbclient -L localhost -U <username> <password> and get
available shares on this BDC. In LDAP directory is incremented by 1, but
there are no entries.
How do I move the entries that are stored in
/usr/local/var/locks/winbindd_idmap.tdb to the LDAP directory?
What I've omitted in all this is that pam and pam_winbind are set up
correctly, which I believe they are.
--
Kent
nasve525 at regis.edu
kent at wareham.k12.ma.us
Tips:---------------------------------------------->
"OpenOffice.org ... Stops Word macro viruses DEAD!"
"Postgresql.org ... Don't 'kill -9' the postmaster"
"Technology is legislation - C. Einfeldt on OO.o discuss list"