[Samba] Samba PDC+LDAP+Winbind+Virtual Users/Groups Success

Andrew Bartlett abartlet at samba.org
Wed Jan 28 09:56:54 GMT 2004 

On Wed, 2004-01-28 at 14:14, Clay wrote:
> Hello All,
> 
> I want to thank everyone who reads and responds to this group. You have all
> been an invaluable help to me.
> 
> I now have a working Samba 3.0.1 LDAP PDC and domain member server using
> winbind (both servers are running Slackware 9.1).
> I also have virtual users and groups using nss_ldap from www.padl.com,
> without pam or users/groups in /etc/passwd or /etc/group only in the LDAP
> backend....
> 
> Everything works great
> 
> getent passwd lists the ldap users, getent group lists the groups, wbinfo -u
> works, wbinfo -g works...
> 
> My only questions are
> 1. On my domain member server, I have to set the passdb backend = smbpasswd
> otherwise if passdb backend = ldapsam:ldap://frodo, then winbindd won't
> start...
> FYI on the domain member server running winbindd, the smbpasswd file is 0kb
> so nothing is being stored there...???

This is correct.  The domain member server often has no local accounts.

> 2. Also I have also read about a parameter idmap backend, which works to
> ensure the correct user/group id mappings across different servers
> running winbind....(please correct me if I am wrong about this)
> 
> but if i add this parameter in the my smb.conf file like
> 
> idmap backend = ldap:ldap://frodo/ the log seems to complain about not
> finding a file called ldap.so
> and winbindd will again fail to start...

Is your Samba on the member server compiled with ldap?

> Am I supposed to be running winbindd on the PDC also or just on domain
> member server....??

Normally on the member servers only, unless you have domain trusts or
some other particular requirements.

> Do I need all the LDAP entries on the domain member server....like on the
> PDC??
> the results for me anyway are the same in either case ...just curious...

If you do, you can avoid running winbind for nsswitch.  This may be
advantageous for your local environment.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040128/50168e46/attachment.bin

More information about the samba mailing list