[Samba] Re: Getting Winbind IDMAP into LDAP?
gints neimanis
gints at venta.lv
Tue Aug 16 10:27:35 GMT 2005
Hi Simon,
I thnik it is not the error in documentation (I don't know about which
chapter we are talking :)).
If you use winbdind authentication (+ idmap/ldap) only, you don't need
the NSS_LDAP.
But if you build a domain, where all user data is stored in LDAP, then
you may authenticate users (from *nix) directly to LDAP database - and
then you should use the NSS_LDAP (and Windows clients are using
(SAMBA)Domain authentication. .... And the Samba guides are more
explaining how to build the full Samba domain with LDAP backend.
About winbind*tdb. I have too such files and I think it is expected (it
speeds up resolving the id's). My setup with W2K as domain controller
and SAMBA servers with winbind+idmap_ldap works fine for ~2 year without
any trouble for 900 users (Thanks for Samba team!).
Gints
Gibbs, Simon wrote:
> Hi Gints,
>
> Changing nsswitch.conf from:
>
> passwd: files ldap
> group: files ldap
> to
> passwd: files winbind
> group: files winbind
>
> did the trick. Running getent passwd/group began populating LDAP and I can
> search all the records using ldapsearch and slapcat.
>
> Would this be an error in the documentation as (unless I was reading the
> wrong section) it uses the ldap entries in it's example?
>
> My one concern is that when winbind is stopped and restarted the
> winbindd_idmap.tdb and winbindd_cache.tdb files are recreated and entries
> are added. Would this be expected?
>
> I guess I can test this today when I begin configuring a second node.....
>
> Thanks for your help.
>
> Simon
More information about the samba
mailing list