[Samba] Samba as a AD domain member server with idmap backend = ldap

Zach Chambers zach at savagepoint.com
Wed May 16 17:23:31 GMT 2007

Hi Folks,

Hopefully an easy question.  I've scoured FAQs, books and documentation 
and managed to get the above configuration working, but only by straying 
from the documentation in Chapter 14, example 14.4 of the Samba HOWTO:


Can someone confirm for me that when Samba is only an Active Directory 
domain MEMBER server with an LDAP idmap backend, the "nsswitch.conf" 
must still be set with:

passwd: files winbind
shadow: files winbind
group:  files winbind

as opposed to:

passwd: files ldap
shadow: files ldap
group:  files ldap

since the People and Groups, structures will not actually exist in LDAP 
unless you are setting up for a full PDC?


More information about the samba mailing list