[Samba] Please, help me clarify (winbind).

Daniel Müller mueller at tropenklinik.de
Mon Feb 21 01:11:56 MST 2011

If I have understood right: you have a PDC/LDAP-Samba!!! And no Windows
Server and no Windows ADS so you do not need winbind at all.
Just make the Windows Server a member of your Samba-Server, that's it.

IT Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de

-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On
Behalf Of Aleix Dorca
Sent: Saturday, 19 February 2011 21:40
To: samba at lists.samba.org
Subject: [Samba] Please, help me clarify (winbind).

Hi again,

still struggling with winbind and trying to understand how it is supposed to
work. Let's see if someone can answer a simple resolution question so I can
see if something is wrong with my setup.

One PDC/LDAP (no winbind), nss with ldap. This works fine as far as I can

The other machine is a DMS. Let's say I have an entry like this on my
'getent passwd' (via LDAP):

adorca:x:10033:513:Aleix Dorca:/home/adorca:/bin/bash

As far as I can tell this user's uid is 10033.

So, now the question: If a Windows machine should connect to this server
what would winbind return as uid number? 10033 via NSS_LDAP or a new mapping
stored/created on my LDAP Server. And would this user be treated as a
'Domain User' or as a 'Unix User'?

The Samba How-To Collection states on 'Winbind with NSS to resolve
UNIX/Linux user and group IDs':

"The use of the LDAP-based passdb backend requires use of the PADL nss_ldap
utility or an equivalent. In this situation winbind is used to handle
foreign SIDs, that is, SIDs from standalone Windows clients (i.e., not a
member of our domain) as well as SIDs from another domain. The foreign
UID/GID is mapped from allocated ranges (idmap uid and idmap gid) in
precisely the same manner as when using winbind with a local IDMAP table."

As I understand this having NSS with LDAP and winbind running a query to user
'adorca' should return uid=10033 and not a new idmap mapping. Is this

Please someone answer... I'm about to lose it trying to understand how this
should work.

