[Samba] Re: winbind capabilities

John H Terpstra jht at samba.org
Tue Nov 1 00:05:29 GMT 2005

On Monday 31 October 2005 16:50, Jim Kusznir wrote:
> Rex Dieter wrote:
> > Jim Kusznir wrote:
> >> From what I undrestand, there is no feesable way of implementing winbind
> >> in NSS and maintaining existing UID/GID mappings.
> >
> > AFAIK, If SFU is installed on your Windows AD domain controller, it
> > will extend the schema to allow you to define UID/GID/homedir for
> > winbind's use.  We're hopeing to use this soon, provided if I can ever
> > get our AD admins to install SFU.
> >
> > -- Rex
> SFU30 is installed, and has extended the schema.  We've been storing the
> UID/GID in this schema.  My question is will winbind use that?  My
> reading (from the samba howto) indicates that it does not; that we need
> to use nss_ldap to resolve that information.  If we do, however, I also

Correct. You need to use nss_ldap.

> understand we loose the ability to use windows groups, which is a major
> issue for us.

Not so, you can map the SFU group to a Samba group using the 'net groupmap 
modify' facility. This does not require Winbind, but could use it too.

> Can anyone confirm or deny this information?  I know samba is a very
> active project, and the howtos may not match the actual state of the
> most current version.

If you want more information please contact me off-line.

- John T.
Co-author of the "Samba HOWTO" documentation.
Author of the "By Example" documentation.

More information about the samba mailing list