[Samba] integration with existing ldap directory
Adam Tauno Williams
awilliam at whitemice.org
Mon Mar 23 02:16:34 GMT 2009
On Sun, 2009-03-22 at 19:58 -0400, jeff sacksteder wrote:
> I'm having trouble wading through the various documents that only
> partially apply to my situation.
> I have an exsting LDAP instance providing NSS login data to my small
> group of linux machines. I want to also now provide domain logins
> against those user accounts.
> So far I have determined that I need to
> 1. add the samba schema to the directory
> 2. set the attribute access appropriately
> 3. add unix groups corresponding to the well known windows groups
That is pretty much it.
> My immediate questions are 'what groups?'
You need to map the well-known domain groups.
> and 'do I add them to passwd
> or in the directory?'.
"passwd"? If NSS is working from LDAP you don't *need* anything in
passwd/groups; the best solution is to configure a ldapsam:trusted =
> If there is a document for this configuration, a pointer would help me out.
I'd avoid using any other documents as most are inaccurate or at best
OpenGroupware developer: awilliam at whitemice.org
OpenGroupare & Cyrus IMAPd documenation @
More information about the samba