[Samba] Re: Re: SID problem with working samba

Jamrock news_jamrock at yahoo.com
Thu Jan 24 10:49:20 GMT 2008


"toni" <tonign at xtec.net> wrote in message
news:20080123201746.45b21417 at gamma...

> this server has also a ldap server to resolve system users (via
> nsswitch), and the contents are replicated from a master ldap in the
> PDC (I think this is what you are proposing, isn't it?)

Not really.  On a Windows 2003 domain, there are a few domain controllers
that contain Active Directory.  Active Directory is not loaded on member
servers.  No replication takes place there.

The member server is configured to redirect all authentication requests to a
domain controller.

Chapter 7 discusses the various ways that Samba member servers can be
configured to redirect authentication requests to a single database of
usernames and passwords.

You can use NSS/LDAP.  You can use NSS and Winbind.  You can use an adduser
script if you don't want to use NSS.

The common factor in all three approaches is the fact that the pdc contains
the authoritative list of usernames and passwords.  Member servers query
that list.

The member server will cache the data it sees on the pdc but the pdc is the
definitive source.

Look at the smb.conf file in example 7.1.  It simply tells the member
server to look to the ldap installation on the pdc when it needs to
authenticate users.  The /etc/nsswitch.conf is configured to use ldap for
authentication.  The only difference here is that the ldap is stored on
another machine.

I am not looking at my member server now, but I think your /etc/ldap.conf
file should also point to the pdc.
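
The message above names three files that should agree on where the LDAP directory lives. The following is an added example, not part of the original post or of the Samba documentation: a small check that reads the three files and reports any that do not point at the PDC. The host name pdc.example.org and all three file contents are constructed for illustration.

```python
import re
from urllib.parse import urlparse

PDC = "pdc.example.org"  # constructed placeholder host name
# Constructed sample files, not copied from the book or the thread.
SMB_CONF = "[global]\n  security = domain\n  passdb backend = ldapsam:ldap://pdc.example.org\n"
NSSWITCH_CONF = "passwd: files ldap\ngroup: files ldap\nshadow: files\n"
LDAP_CONF = "# nss_ldap client\nuri ldap://127.0.0.1/\nbase dc=example,dc=org\n"

def _lines(text):
    # Strip comments (# or ;) and drop empty lines.
    stripped = (re.split(r"[#;]", l, maxsplit=1)[0].strip() for l in text.splitlines())
    return [l for l in stripped if l]

def smb_ldap_hosts(text):
    """LDAP hosts named in smb.conf values such as ldapsam:ldap://host."""
    return [urlparse(u).hostname for line in _lines(text)
            for u in re.findall(r"ldaps?://[^\s\"']+", line)]

def nss_ldap_hosts(text):
    """Hosts from the 'host' and 'uri' directives of /etc/ldap.conf."""
    hosts = []
    for line in _lines(text):
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "host":
            hosts += parts[1].split()
        elif len(parts) == 2 and parts[0].lower() == "uri":
            hosts += [urlparse(u).hostname for u in parts[1].split()]
    return hosts

def nss_uses_ldap(text, db):
    """True if the nsswitch.conf line for db lists the ldap source."""
    for line in _lines(text):
        name, _, sources = line.partition(":")
        if name.strip() == db:
            return "ldap" in sources.split()
    return False

def audit(smb, nsswitch, ldap_conf, pdc=PDC):
    """Return findings; an empty list means every lookup goes to the PDC."""
    findings = []
    for db in ("passwd", "group"):
        if not nss_uses_ldap(nsswitch, db):
            findings.append(f"nsswitch.conf: {db} does not use ldap")
    for name, hosts in (("smb.conf", smb_ldap_hosts(smb)),
                        ("ldap.conf", nss_ldap_hosts(ldap_conf))):
        if not hosts:
            findings.append(f"{name}: no LDAP server configured")
        findings += [f"{name}: points to {h}, not {pdc}" for h in hosts if h != pdc]
    return findings
```

Calling `audit(SMB_CONF, NSSWITCH_CONF, LDAP_CONF)` on the sample data flags the ldap.conf that still points at a local directory while smb.conf points at the PDC.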





