[Samba] Please, help me clarify (winbind).

Daniel Müller mueller at tropenklinik.de
Mon Feb 21 01:11:56 MST 2011 

If I have understood right:you have a PDC/LDAP-Samba!!! And no Windows
Server and no Windows ADS so you do not need winbind at all.
Just make the Windows Server a member of your Samba-Server that’s it.

-----------------------------------------------
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de
-----------------------------------------------

-----Ursprüngliche Nachricht-----
Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im
Auftrag von Aleix Dorca
Gesendet: Samstag, 19. Februar 2011 21:40
An: samba at lists.samba.org
Betreff: [Samba] Please, help me clarify (winbind).

Hi again,

still struggling with winbind and trying to understand how it is supposed to
work. Let's see if someone can answer a simple resolution question so I can
see if something is wrong with my setup.

One PDC/LDAP (no winbind), nss with ldap. This works fine as far as I can
tell.

The other machine is a DMS. Let's say I have an entry like this on my
'getent passwd' (via LDAP):

adorca:x:10033:513:Aleix Dorca:/home/adorca:/bin/bash

As far as I can tell this user's uid is 10033.

So, now the question: If a windows machine should connect to this server
what would winbind return as uid number? 10033 via NSS_LDAP or a new mapping
stored/created on my LDAP Server. And would this user be treated as a
'Domain User' or as a 'Unix User'?

The Samba How-To Collections states on 'Winbind with NSS to resolve
UNIX/Linux user and group IDs':

"The use of the LDAP-based passdb backend requires use of the PADL nss_ldap
utility or an equivalent. In this situation winbind is used to handle
foreign SIDs, that is, SIDs from standalone Windows clients (i.e., not a
member of our domain) as well as SIDs from another domain. The foreign
UID/GID is mapped from allocated ranges (idmap uid and idmap gid) in
precisely the same manner as when using winbind with a local IDMAP table."

As I understand this having NSS with Ldap an winbind running a query to user
'adorca' should return uid=10033 and not a new idmap mapping. Is this
correct?

Please someone answer... I'm about to loose it trying to understand how this
should work.

Thanks,

Aleix.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list