[Samba] Samba as domain member to another samba PDC

Andreas Heinlein aheinlein at gmx.com
Mon Jan 4 06:56:31 MST 2010

Daniel Müller schrieb:
> Hello,
> when i have read wright. You joined an ubuntu samba pc to your samba
> domain!
> testparm gives you: ROLE_DOMAIN_MEMBER?
> First of all your domain member must have exactly the same users and
> passwords as your pdc/ldap.
> You can do that with installing ldapclient. Configure it with
> ldapserver: your pdc/ldap.
> Now getent passwd and getend group should show you all your
> users/groups kept on you pdc/ldap.
I did that using libpam-ldap/libnsswitch-ldap. getent group/passwd
returns what you say, and user authentication on the UNIX side works well.
> If you succed with this. You need in your smb.conf:
> security=DOMAIN
> password server=YOUR-PDC-LDAP
I have password server = *, but explicitly setting the PDC changes nothing.
> For me I had to copy my ladp config section from my smb.conf on my PDC
> here:
> ldap....
> idmap backend=ldap:ldap://YOUR-PDC-LDAP
> idmap uid...
> idmap gid....
I do not currently have the idmap... things, since I thought I do not
need them. I tried, and it changed nothing. "pdbedit -L" still returns
"SID ... does not belong to our domain". What does it return on your


More information about the samba mailing list