[Samba] Re: samaba winwind

John Hodrien johnh at comp.leeds.ac.uk
Tue Sep 16 21:51:44 GMT 2008

On Tue, 16 Sep 2008, Andreas Ladanyi wrote:

>> I'm not a Samba developer but in the latest releases of the 3.0.x tree
>> you can use the idmap backend of "nss" to get the old behavior of
>> mapping the Windows account name to the same account name in Unix.
> mmm for "idmap backend" the man smb.conf say:
> idmap_tdb (default)
> idmap_ldap
> idmap_rid
> idmap_tdb
> and not documented in this lines
> idmap_ad
> I think what you mean is the  "winbind nss info" parameter, which is used to 
> get nss info like "home dir" and "login shell" for unix users from active 
> directory with existing windows user/group (called mapping).

Nah, he means what he means (at least that's my guess).

I use a modified nss_ldap (that does /novel/ things) combind with samba.  In
my smb.conf I have:

idmap config MYDOMAIN:backend      = nss

Works like a *charm*.  Against a big AD (>90k users) with lots of groups it
works great.


"Some women respond to the whip, some to the kiss.  Most of them like a
  mixture of both, but none of them answer to the mind alone, to the
  intellectual demand, unless they are man dressed as woman."
                                                      -- Ian Fleming

More information about the samba mailing list