[Samba] integration with existing ldap directory

Adam Tauno Williams awilliam at whitemice.org
Mon Mar 23 02:16:34 GMT 2009

On Sun, 2009-03-22 at 19:58 -0400, jeff sacksteder wrote:
> I'm having trouble wading through the various documents that only
> partially apply to my situation.
> I have an exsting LDAP instance providing NSS login data to my small
> group of linux machines. I want to also now provide domain logins
> against those user accounts.
> So far I have determined that I need to
> 1. add the samba schema to the directory
> 2. set the attribute access appropriately
> 3. add unix groups corresponding to the well known windows groups

That is pretty much it.

> My immediate questions are 'what groups?' 

You need to map the well-known domain groups.

> and 'do I add them to passwd
> or in the directory?'.

"passwd"?  If NSS is working from LDAP you don't *need* anything in
passwd/groups;  the best solution is to configure a ldapsam:trusted =
yes setup.

> If there is a document for this configuration, a pointer would help me out.


I'd avoid using any other documents as most are inaccurate or at best
OpenGroupware developer: awilliam at whitemice.org
OpenGroupare & Cyrus IMAPd documenation @

More information about the samba mailing list