[Samba] understanding pam_ldap vs. winbindd
Craig White
craigwhite at azapple.com
Mon Mar 15 20:18:07 GMT 2004
On Mon, 2004-03-15 at 12:48, Matthias Eichler wrote:
> Dear List,
>
> some general question concerning the general understanding
> of pam_ldap and winbindd.
>
> I understand winbindd as a daemon who maps existing
> Windows User from some SAM (for example NT or samba PDC)
> into the unix os level.
>
> On the member server (fileserver with acls) we have pam_ldap
> running and over this way there are all users and groups
> existing on the os level which we need for samba access.
>
> Do I understand winbindd right in that way that I do not
> need winbindd at all in this setup?
---
I would agree with that
---
> If no, why does I get map errors in the log that
> SIDs cant be mapped to gid or uid?
> (net groupmap list just shows -1 entries,
> manual groupmaps cant be inserted => error)
>
> If yes, whats the failure in my logic?
---
net groupmap list (would have been nice to see that)
net groupmap modify sid=S-1-5-AND-SO-ON ntgroup="Domain Users"
unixgroup=valid_unix_group type=domain
if groupmap exists for ntgroup, you either must delete it and then add
it or modify it.
Craig
More information about the samba
mailing list