[Samba] Samba PDC+LDAP+Winbind+Virtual Users/Groups Success
Andrew Bartlett
abartlet at samba.org
Wed Jan 28 09:56:54 GMT 2004
On Wed, 2004-01-28 at 14:14, Clay wrote:
> Hello All,
>
> I want to thank everyone who reads and responds to this group. You have all
> been an invaluable help to me.
>
> I now have a working Samba 3.0.1 LDAP PDC and domain member server using
> winbind (both servers are running Slackware 9.1).
> I also have virtual users and groups using nss_ldap from www.padl.com,
> without pam or users/groups in /etc/passwd or /etc/group only in the LDAP
> backend....
>
> Everything works great
>
> getent passwd lists the ldap users, getent group lists the groups, wbinfo -u
> works, wbinfo -g works...
>
> My only questions are
> 1. On my domain member server, I have to set the passdb backend = smbpasswd
> otherwise if passdb backend = ldapsam:ldap://frodo, then winbindd won't
> start...
> FYI on the domain member server running winbindd, the smbpasswd file is 0kb
> so nothing is being stored there...???
This is correct. The domain member server often has no local accounts.
> 2. Also I have also read about a parameter idmap backend, which works to
> ensure the correct user/group id mappings across different servers
> running winbind....(please correct me if I am wrong about this)
>
> but if i add this parameter in the my smb.conf file like
>
> idmap backend = ldap:ldap://frodo/ the log seems to complain about not
> finding a file called ldap.so
> and winbindd will again fail to start...
Is your Samba on the member server compiled with ldap?
> Am I supposed to be running winbindd on the PDC also or just on domain
> member server....??
Normally on the member servers only, unless you have domain trusts or
some other particular requirements.
> Do I need all the LDAP entries on the domain member server....like on the
> PDC??
> the results for me anyway are the same in either case ...just curious...
If you do, you can avoid running winbind for nsswitch. This may be
advantageous for your local environment.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040128/50168e46/attachment.bin
More information about the samba
mailing list