[Samba] Winbind/LDAP Backend question

Nik Reiman nik at aboleo.net
Fri Jun 25 19:33:57 GMT 2004

On Jun 24, 2004, at 4:09 PM, Paul Gienger wrote:
> To do that part you issue a
> smbpasswd -w <passwordstring>
> on the command line of your samba box to set the bind password to 
> associate with the ldap admin dn.

Thanks; I forgot about this step.  However, the machine still won't 
authenticate... there's a really long pause, and eventually it rejects 
the correct login password.  I checked the system logs, but since this 
goes through pam, it may be out of samba's hands....

> Have you tried storing your winbind idmap on an openldap (or other 
> ldap) server?  You could either manually pull the SIDs from the 
> windows directory and then sync them with uids with a script, or you 
> could change the uid stored in the idmap database to match the uid 
> manually as the users connect.  I suppose you could store that in your 
> AD server as well, no real reason you couldn't.  This wouldn't be 
> reinventing the wheel quite as much and samba will work out of the box 
> with that idmap data.

Although I'm not a big fan of openldap, this was suggested.  
Unfortunately, due to decisions made out of my hands, AD was chosen as 
the single database to hold all of our login and user information.


// Nik Reiman || nik at aboleo.net || http://www.aboleo.net \\

More information about the samba mailing list