[Samba] Issues/Questions about Samba 3.x.x versus it's Worki ng Status

Tue Oct 19 18:13:56 GMT 2004

Hi Jerry,

First, thanks a lot for the answers!

In regards, to your reply, can you provide a little bit more precisions
here:

1. The question 1 was about not using winbindd when in ADS security mode. Is
the answer still Yes? I know that it is true when in DOMAIN security mode.

2. About Question 6, from your answer, my understanding is that the Samba
server must be in the same domain as the Win2K/Win2K3 server. In other words
the full name of these machines would be "sambaserver.domaineA.com" and
"win2kserver.domaineA.com". Is this true whether it is with the DOMAIN or
ADS security mode?

Regards,

Marcello

-----Message d'origine-----
De : Gerald (Jerry) Carter [mailto:jerry at samba.org] 
Envoyé : mardi 19 octobre 2004 10:01
À : Melfi.Marcello at hydro.qc.ca
Cc : samba at lists.samba.org
Objet : Re: [Samba] Issues/Questions about Samba 3.x.x versus it's Working
Status

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Melfi.Marcello at hydro.qc.ca wrote:

| 1. I once asked if it was possible not to use winbindd
| and just use the "username map" parameter/file. I never got any answer 
| to that... Is that a tough question?

Yes.

| 2. When using winbindd, can I still use the "username
| map" parameter/file so that I link Windows accounts to the same Unix 
| one? Right now, this does not seem to work... Is there some issues 
| with this? What is the exact syntax?

See my post about this earlier today.

| 3. Is PAM absolutely required? I do not think so, but,
| hey, you never know...

No.  not required.

| 4. I saw in a few mails on Google that the
| command "wbinfo --set-auth-user DOMAINNAME\\Administrator%password"
| is sometime required? Is it true? What is it all about?

No.  not required nor needed in the latest Samba releases (especially when
using security = ads).

| 5. I saw also in a lot of mails on Google and Samba list
| that it was required to copy the libnss_winbind.so (from
| the nsswitch directory in the samba source) to the /lib directory. 
| However, the target filename is sometime nss_winbnid.so, sometime 
| libnss_winbind.so, sometime ending with .so.1 or .so.2, etc. What is 
| it all about? What is really required? Is this system specific?

nss_winbind.so is the NSS library used to export domain
users and groups to the underlying UNIX OS.  It is required when you run
winbindd and the name is OS specific.

| 6. Does the Samba server (aka the Unix box) need to be in the same 
| domain as the Win2K3 server? Same question for the client 
| workstations?

Yes and no.  Suggest you re-reead the documentation on
security = [domain|ads]

| 7. I saw in some other mails/documents (too many read in
| a short period) that it may be required to change the
| Windows account's password? Is this true? If so, when
| is it required and with what typical configuration?

Normally this is handled automatically for you by
smbd (if appropriate) once you are joined to a domain.

cheers, jerry
- ---------------------------------------------------------------------
Alleviating the pain of Windows(tm)      ------- http://www.samba.org
GnuPG Key                ----- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song"--Switchfoot (2003)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFBdR4CIR7qMdg1EfYRAj6OAKCZV7HpL4cuwLmpzLXVnFTEoeWABQCfUFa5
HE1bh8awLFwbDunY7VzXnjY=
=EYiB
-----END PGP SIGNATURE-----