[Samba] Samba 3.0.x infrastructure

William Jojo jojowil at hvcc.edu
Tue May 18 23:04:18 GMT 2004

I've been batting my head against a wall trying to come up with a solution
to what seems to be a trivial problem and I need a really good answer.

We have 3 Samba 2.2.8a DC's. We want to keep 3 DC's when we go to Samba 3,
but want the same password for text username regardless of the domain
being logged into *AND* we want the same RID to uid mapping *AND* we want
LDAP for posixAccounts and some SambaSAMAccount info with password
syncronization *AND* we want to keep all the profiles we have now.

Please tell me I'm reading the doc's correctly in seeing that I can have
"passdb backend" and "idmap backend, ldap idmap suffix" in conjunction
with my LDAP RFC2307 database and I have complete control over the mapping
information and I can convert my three DC's to Samba 3 and preserve all
permission information especially internal to the NTUSER.DAT files if I
take the time to write a simple script to populate
"ou=idmap,dc=hvcc,dc=edu" with all the possible uidNumber and gidNumber

All AIX uids are >1000 and we can populate the Well know gids. Since we're
using smbpasswd for passdb now, it's all algorithmic anyway and the AIX
registry will be using the builtin LDAP method (similar to Andrew's

This way I can keep all the current roaming profiles, I don't have to
use winbindd at all and no one will know that we've performed such an
overhaul. I think we're ready to convert. And we have all the scripts
inhouse to maintain the LDAP backend consistency and we'll populate the
idmap entries when we create the UNIX accounts.

Can anyone please tell me I have this correct?


More information about the samba mailing list