[Samba] Samba as domain member to another samba PDC

Andreas Heinlein aheinlein at gmx.com
Mon Jan 4 05:40:24 MST 2010


We have a somewhat unusual setup:
- currently, Windows 2000 workstations in a NT4-Style domain with a
samba 3 server as PDC. User account data for both UNIX and Samba is kept
in LDAP.
- now, several workstations should be migrated to Ubuntu, using the same
LDAP directory (and NFS homes) for User account data. Users need to be
able to share files with Windows workstations, using samba.

I have managed to join samba on the Ubuntu test machines to the domain,
and any manually created shares in smb.conf can be accessed by Windows
users as well as other users on other Ubuntu clients.
I have set in smb.conf on the client:
security = domain
password server = *
domain = MYDOM
(passdb backend is not set)

But I'd like to use system-config-samba from Ubuntu as a GUI to let the
users create their own shares (somewhat risky, I know, but currently the
best solution). system-config-samba relies on the output of "pdbedit -L"
to let the user choose which users can access which share. In the above
setup, the output of "pdbedit -L" is empty.

I tried adding
passdb backend = ldapsam:ldap://
and the necessary ldap options to smb.conf on the client and have set
the LDAP admin password using "smbpasswd -W". Now, "pdbedit -L"
complains "SID 1-2-3-4-5 does not belong to our domain", and
system-config-samba shows the same line instead of the user's name for
every user in the database.

So, essentially, the question is: how can a samba domain member get a
list of users using "pdbedit -L"?
As I understand it, the whole winbind/idmap stuff is necessary only for
mapping users on a Windows PDC to (temporary) UNIX users, but we already
have real permanent UNIX users, so I do not need winbind/idmap, right?

