[Samba] samba pdc without winbindd

mallapadi niranjan niranjan.ashok at gmail.com
Thu Mar 2 08:58:37 GMT 2006


Hi Gordon,


But according to the Samba documentation, it is mentioned that nested groups
don't work:

"In Samba-3, the group management system is based on POSIX groups. This
means that Samba makes use of the posixGroup ObjectClass. For now, there is
no NT-like group system management (global and local groups). Samba-3 knows
only about Domain Groups and, unlike MS Windows 2000 and Active Directory,
Samba-3 does not support nested groups"

As I have all domain groups and no local groups. Using winbind, when we
create local groups
we can have nested groups, but if there are domain groups, are nested groups
possible?

I am not sure, or am I wrong?

Regards
Niranjan


On 3/2/06, mallapadi niranjan <niranjan.ashok at gmail.com> wrote:
>
> Hi all
>
> So in my case I have 2 domain member servers to a PDC.
> I have already set up the PDC, in which the winbind id map is set in LDAP,
> but I am not sure how to make it work. Now that I have already set up the
> domain member servers to a PDC, enabling winbind will disturb my existing
> setup. On the PDC, winbind is not running, but on the domain member servers
> winbind is running.
>
> I use the domain member servers as file servers, which are mapped to Windows
> clients (through a logon script). I have already created users and groups
> on the PDC and set up permissions on the file servers.
> On the domain member server I have configured ldap.conf and subsequently
> modified nsswitch.conf, so I have set up permissions as below:
>
> setfacl -m u:username:rwx <directory/file>
>
> and not as setfacl -m u:mydomain\username:rwx <directory/file>
>
> So now if I enable winbind (on the server), will the current permissions
> change? I don't want to disturb my current setup.
> Is it possible?
>
> Regards
> Niranjan
>
>
>
>
> On 3/2/06, simo <idra at samba.org> wrote:
> >
> > On Wed, 2006-03-01 at 23:39 -0800, Gordon Messmer wrote:
> > > mallapadi niranjan wrote:
> > > >
> > > > Is a PDC without winbind the best option, or with winbind?
> > >
> > > I believe that winbind is intended only for domain members, not for
> > > domain controllers.
> >
> > That's wrong, on a DC winbindd serves nested groups (aliases) and
> > trusted domains users and groups.
> >
> > Simo.
> >
> > --
> > Simo Sorce
> > Samba Team GPL Compliance Officer
> > email: idra at samba.org
> > http://samba.org
> >
> >
>

