[Samba] Winbind UID/GID unification across multiple machine solution

Gerald (Jerry) Carter jerry at samba.org
Mon Jan 12 17:02:26 GMT 2004

Hash: SHA1

malk at sidehack.sat.gweep.net wrote:

> If there's a better way to do it, let me know -- I couldn't find anything
> so I rolled my own and I'd like to offer back the solution to anyone else
> who needs it.  I'm aware that perhaps in the future Samba will
> use an algorithm based UID to GID mapping making this setup unnecessary.

Thanks for passing thsi along.

There are 2 official solutions for this sceanrio in Samba 3.0

   (a) store the uid/gid mappings in LDAP for access by multiple
       winbindd installations. or
   (b) Have existing UNIX accounts for windows users, run winbindd
       and set 'winbind trusted domains only = yes'.

Solution (a) does not require pam_ldap or nss_ldap or any support
for the RFC2307 schema so you don't have to migrate to from NIS ->
LDAP for this.

And note that (b) only works for users/groups in the domain to which
the samba server is joined.

cheers, jerry
  Hewlett-Packard            ------------------------- http://www.hp.com
  SAMBA Team                 ---------------------- http://www.samba.org
  GnuPG Key                  ---- http://www.plainjoe.org/gpg_public.asc
  "If we're adding to the noise, turn off this song" --Switchfoot (2003)
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the samba mailing list