[Samba] Re: ldapsearch and getent passd/group with nss winbind
differs
Andreas Ladanyi
knuffiandy at web.de
Wed Aug 20 07:49:13 GMT 2008
Hi Jerry,
Gerald (Jerry) Carter schrieb:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Andreas Ladanyi wrote:
>> Hi,
>>
>> after deleting winbindd_idmap and winbindd_cache.tdb files:
>>
>> For security =domain AND security=ADS !
>>
>> wbinfo -u /-g /-t are ok !
>>
>> getent passwd is ok.
>>
>> getent group shows different group memberships as ldapsearch with filter
>> "msSFU30PosixMemberOf".
> Winbind honors the Windows group membership and not
> necessarily "msSFU30PosixMemberOf" attributes.
So it should be enough if you give the Windows group a GID in tab "UNIX
attribute" in Active Directory and you have to do nothing else for the
Linux side ?!
>
>> smb.conf - winbind:
>>
>> winbind separator = /
>> winbind enum users = yes
>> winbind enum groups = yes
>> winbind cache time = 60
>> idmap backend = ad
>> idmap uid = 6000-27000
>> idmap gid = 600-7000
>> template shell = /bin/bash
>> template homedir = /home/%u
>> winbind use default domain = yes
>> winbind refresh tickets = yes
>> winbind nss info = template sfu
>>
>> Any ideas ?
>>
>> Andy
>>
>
>
> - --
> =====================================================================
> Samba ------- http://www.samba.org
> Likewise Software --------- http://www.likewisesoftware.com
> "What man is a man who does not make the world better?" --Balian
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFIqyaeIR7qMdg1EfYRAgZWAKDRsC9qFFIIlIYZTgcrrt/+eZNiBQCcDNHE
> lxx+F3++8Y8maDRIxl3Xny8=
> =xmUQ
> -----END PGP SIGNATURE-----
More information about the samba
mailing list