[Samba] Id Mapping from SFU 3.5
Andrew Bartlett
abartlet at samba.org
Sat Nov 12 05:19:48 GMT 2005
On Tue, 2005-11-08 at 11:50 +0100, Dan Am wrote:
> Hello,
> our task is to get Samba to us the same Mapping as SFU is using in AD.
> 1. In 3.0.21pre1 we set
>
> idmap uid = 50000-100000
> idmap gid = 50000-100000
> idmap backend = AD
> winbind separator = =
>
> but mapping a drive from Win2003 Server fails with:
>
> "nsswitch/winbindd_user.c:winbindd_getpwnam(161)
> user "our_user" dows not exist"
>
> Are we missing something ?
>
> 2. We succeeded with 3.0.9 by setting
>
> winbind enable local accounts = yes
>
> and pulling in the AD Users via nss_ldap directly.
> But this parameter has been removed in current versions.
> Why ? Are there any contraindications for the parameter ?
You were actually looking for 'winbind trusted domains only = yes'.
I'm not sure entirely of the impact of using nss_ldap instead of
winbindd, but this at least is the right way to do it.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20051112/ab2f49c3/attachment.bin
More information about the samba
mailing list