[Samba] Re: Getting Winbind IDMAP into LDAP?
Gibbs, Simon
Simon.Gibbs at informa.com
Tue Aug 16 15:01:03 GMT 2005
Hi John,
I was using the online "By-Example" documentation at:
http://us3.samba.org/samba/docs/man/Samba-Guide/unixclients.html#id2579097
Starting at the sub heading " IDMAP Storage in LDAP using Winbind".
The example that appears to be incorrect is related to /etc/nsswitch.conf:
...
passwd: files ldap
shadow: files ldap
group: files ldap
...
hosts: files wins
...
The correct entries (working for me now) are:
...
passwd: files winbind
shadow: files
group: files winbind
...
hosts: files dns (we don't use wins)
>From a personal point of view it would have been useful to have an
additional entry in this section explaining how the the idmap ou is
populated, but I guess you can figure it out in the end.
Hope this helps,
Simon
> From: John H Terpstra <jht at Samba.Org>
> Reply-To: <jht at samba.org>
> Date: Tue, 16 Aug 2005 08:46:45 -0600
> To: <samba at lists.samba.org>
> Cc: gints neimanis <gints at venta.lv>, "Gibbs, Simon" <Simon.Gibbs at informa.com>
> Subject: Re: [Samba] Re: Getting Winbind IDMAP into LDAP?
>
> On Tuesday 16 August 2005 04:27, gints neimanis wrote:
>> Hi Simon,
>>
>> I thnik it is not the error in documentation (I don't know about which
>> chapter we are talking :)).
>
> I have reviewed the documentation on IDMAP in LDAP and it looks to me like
> something got deleted from the documentation sources somewhere in the editing
> cycle. That is why I would like to know precisely what version and section of
> the documentation has been referred to. I will fix any weaknesses, or lack of
> clarity, that can be uncovered.
>
>>
>> If you use winbdind authentication (+ idmap/ldap) only, you don't need
>> the NSS_LDAP.
>
> Correct.
>
>> But if you build a domain, where all user data is stored in LDAP, then
>> you may authenticate users (from *nix) directly to LDAP database - and
>> then you should use the NSS_LDAP (and Windows clients are using
>> (SAMBA)Domain authentication. .... And the Samba guides are more
>> explaining how to build the full Samba domain with LDAP backend.
>
> Correct.
>
> Cheers,
> John T.
********************************************************************************
The information contained in this email message may be confidential. If you are not the intended recipient, any use, interference with, disclosure or copying of this material is unauthorised and prohibited. Although this message and any attachments are believed to be free of viruses, no responsibility is accepted by T&F Informa for any loss or damage arising in any way from receipt or use thereof. Messages to and from the company are monitored for operational reasons and in accordance with lawful business practices.
If you have received this message in error, please notify us by return and delete the message and any attachments. Further enquiries/returns can be sent to postmaster at tfinforma.com
More information about the samba
mailing list