[Samba] 3.5.6 on Squeeze and Winbind

Aleix Dorca adorca at uda.ad
Fri Feb 18 04:40:32 MST 2011

Hi all, first post on the list... please be gentle :-)

I'm trying to implement a very simple setup using Squeeze as OS and the default Samba 3.5.6 that comes with it.

I've setup a PDC with no problems... though I learned the hard way that you can't have winbind on a PDC (correct right?)
Then I added a member server with a couple of shares. Using a Windows 7 client I could access those shares but on the owner/group i always got a user (Unix user\user). Since i didn't like this I added winbind on the member server and changed the nsswitch.conf accordingly.

Then here comes the problem: When adding users via ACL on windows i got ALL users on my domain got a idmap on my LDAP server. Is this normal? Shouldn't winbind only store new idmaps for unknown domain users?

I've used both setups (old idmap config and new) with idmap alloc config, idmap config, ... None worked as expected (or at least what I understand as expected). Let's see if on my nsswitch I have LDAP and have a domain user with uid 100001 shouldn't winbind see this is a valid domain user instead of creating a new idmap? This will duplicate all info on my LDAP, one for the users tree and one for the idmap.

I've also read somewhere that winbind 3.5 series is somewhat broken... could this be the source of my problems? I've been a week hitting my head against the wall trying to find a reliable way to go from AD to Samba and it's being very hard!

Thanks for any answers that can help me on this problem.


More information about the samba mailing list