[Samba] understanding pam_ldap vs. winbindd
indorama at rad.net.id
Tue Mar 16 08:53:47 GMT 2004
* Matthias Eichler <mylists at ame.de> wrote:
> on the member server:
> fileserver:~# net groupmap list
> System Operators (S-1-5-32-549) -> -1
> Replicators (S-1-5-32-552) -> -1
> Guests (S-1-5-32-546) -> -1
> Power Users (S-1-5-32-547) -> -1
> Domain Admins (S-1-5-21-243015202-3338874213-4097231961-512) -> -1
> Print Operators (S-1-5-32-550) -> -1
> Administrators (S-1-5-32-544) -> -1
> Domain Guests (S-1-5-21-243015202-3338874213-4097231961-514) -> -1
> Domain Users (S-1-5-21-243015202-3338874213-4097231961-513) -> -1
> Account Operators (S-1-5-32-548) -> -1
> Backup Operators (S-1-5-32-551) -> -1
> Users (S-1-5-32-545) -> -1
> > net groupmap modify sid=S-1-5-AND-SO-ON ntgroup="Domain Users"
> > unixgroup=valid_unix_group type=domain
> > if groupmap exists for ntgroup, you either must delete it and
> > then add it or modify it.
> OK, maybe this was what I was misunderstanding:
> I thought that with security=DOMAIN the groupmaps
> should be some kind of resolved between PDC and
> the member server or at least with groupmap = -1
> I have to create them which didn't work.
Group mapping was stored in LDAP (if using ldapsam), so every Samba machine on which you wish to obtain the mapping should use the same backend.
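
The check discussed in this thread, as an added example that is not part of either poster's message: it parses `net groupmap list` output in the format quoted above, reports the entries still shown as `-> -1`, and prints a `net groupmap modify` line in the form quoted above for each unmapped domain group. The sample listing is constructed (the `users` mapping is invented for contrast), `valid_unix_group` is the placeholder from the thread, and treating `-1` as "no Unix group mapped" is an assumption based on the listing shown.

```python
import re
import shlex
from typing import NamedTuple

# Constructed sample in the format shown in the thread; "users" is invented.
SAMPLE = """\
Guests (S-1-5-32-546) -> -1
Domain Admins (S-1-5-21-243015202-3338874213-4097231961-512) -> -1
Domain Users (S-1-5-21-243015202-3338874213-4097231961-513) -> users
Administrators (S-1-5-32-544) -> -1
"""

# "<NT group name> (<SID>) -> <unix group or -1>"
LINE = re.compile(r"^(?P<name>.+?) \((?P<sid>S-1-[0-9-]+)\) -> (?P<unix>\S.*)$")

class Mapping(NamedTuple):
    ntgroup: str
    sid: str
    unixgroup: str

    @property
    def unmapped(self):
        return self.unixgroup == "-1"

    @property
    def kind(self):
        # S-1-5-32-* are the builtin aliases, S-1-5-21-* belong to a domain.
        if self.sid.startswith("S-1-5-32-"):
            return "builtin"
        return "domain" if self.sid.startswith("S-1-5-21-") else "other"

def parse_groupmap(text):
    """Parse a listing; refuse lines that do not match rather than skip them."""
    out = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        m = LINE.match(line.strip())
        if m is None:
            raise ValueError(f"line {n}: unrecognised groupmap entry: {line!r}")
        out.append(Mapping(m["name"], m["sid"], m["unix"].strip()))
    return out

def unmapped(text):
    return [m for m in parse_groupmap(text) if m.unmapped]

def modify_commands(text, unixgroup="valid_unix_group"):
    """One modify line per unmapped domain group; unixgroup is a placeholder."""
    return [" ".join(["net groupmap modify", f"sid={m.sid}",
                      shlex.quote(f"ntgroup={m.ntgroup}"),
                      shlex.quote(f"unixgroup={unixgroup}"), "type=domain"])
            for m in unmapped(text) if m.kind == "domain"]

if __name__ == "__main__":
    for m in unmapped(SAMPLE):
        print(f"unmapped {m.kind}: {m.ntgroup} ({m.sid})")
    print("\n".join(modify_commands(SAMPLE)))
```

Running the same check on every Samba machine and comparing the results shows whether they actually see the same mappings.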