[Samba] understanding pam_ldap vs. winbindd

Craig White craigwhite at azapple.com
Mon Mar 15 20:18:07 GMT 2004

On Mon, 2004-03-15 at 12:48, Matthias Eichler wrote:
> Dear List,
> some general question concerning the general understanding
> of pam_ldap and winbindd.
> I understand winbindd as a daemon that maps existing
> Windows users from some SAM (for example NT or samba PDC)
> into the unix os level.
> On the member server (fileserver with acls) we have pam_ldap
> running and over this way there are all users and groups
> existing on the os level which we need for samba access.
> Do I understand winbindd right in that way that I do not
> need winbindd at all in this setup?
I would agree with that
> 	If no, why do I get map errors in the log that
> 	SIDs can't be mapped to gid or uid?
> 	(net groupmap list just shows -1 entries,
> 	 manual groupmaps can't be inserted => error)
> 	If yes, what's the failure in my logic?
net groupmap list (would have been nice to see that)

net groupmap modify sid=S-1-5-AND-SO-ON ntgroup="Domain Users" unixgroup=valid_unix_group type=domain

If a groupmap exists for the ntgroup, you must either delete it and then add
it, or modify it.
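
An added example, not part of the original post: a shell function that scans `net groupmap list` output for the -1 entries discussed above, and for mappings whose Unix group does not resolve on the member server. The `NT group (SID) -> unixgroup` line layout is an assumption based on Samba 3 output; the SIDs and group names in the sample are constructed.

```shell
#!/bin/sh
# Added example: audit `net groupmap list` output for broken mappings.
# Assumed line format:  NT Group Name (S-1-5-...) -> unixgroup
# Real use:             net groupmap list | audit_groupmap

# Return 0 if the Unix group resolves through NSS (files, LDAP, ...).
group_exists() {
    getent group "$1" >/dev/null 2>&1
}

# Read groupmap lines on stdin; print one tab-separated finding per problem:
#   UNMAPPED <sid> <ntgroup>               target is -1
#   MISSING  <sid> <ntgroup> -> <group>    target group does not resolve
audit_groupmap() {
    while IFS= read -r line; do
        case $line in
            *" ("S-1-*") -> "*) ;;
            *) continue ;;              # skip blanks and unrelated output
        esac
        unixgroup=${line##*") -> "}     # text after the last ") -> "
        head=${line%") -> "*}           # everything before it
        sid=${head##*" ("}              # text after the last " ("
        ntgroup=${head%" ("*}           # may itself contain parentheses
        if [ "$unixgroup" = "-1" ]; then
            printf 'UNMAPPED\t%s\t%s\n' "$sid" "$ntgroup"
        elif ! group_exists "$unixgroup"; then
            printf 'MISSING\t%s\t%s -> %s\n' "$sid" "$ntgroup" "$unixgroup"
        fi
    done
}

# Constructed sample input (not taken from the thread).
audit_groupmap <<'EOF'
Domain Admins (S-1-5-21-1111111111-2222222222-3333333333-512) -> -1
Domain Users (S-1-5-21-1111111111-2222222222-3333333333-513) -> no_such_group_example
EOF
```

Each UNMAPPED or MISSING line names a SID that needs the `net groupmap modify` or delete-and-add treatment described above, with a Unix group that actually exists.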

