[Samba] Please, help me clarify (winbind).

Aleix Dorca adorca at uda.ad
Mon Feb 21 01:32:49 MST 2011

Daniel, thanks for your answer.

What you say it is absolutely true. That was my first attempt to get things woking, avoid if possible Winbind, and IT DID work UNTIL I added ACL's on shares. After that it seems winbind was unavoidable. Then all the confusion began.

Still stuck, I'm afraid.


El 21/02/2011, a las 9:11, Daniel Müller escribió:

> If I have understood right:you have a PDC/LDAP-Samba!!! And no Windows
> Server and no Windows ADS so you do not need winbind at all.
> Just make the Windows Server a member of your Samba-Server that’s it.
> -----------------------------------------------
> EDV Daniel Müller
> Leitung EDV
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 Tübingen
> Tel.: 07071/206-463, Fax: 07071/206-499
> eMail: mueller at tropenklinik.de
> Internet: www.tropenklinik.de
> -----------------------------------------------
> -----Ursprüngliche Nachricht-----
> Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im
> Auftrag von Aleix Dorca
> Gesendet: Samstag, 19. Februar 2011 21:40
> An: samba at lists.samba.org
> Betreff: [Samba] Please, help me clarify (winbind).
> Hi again,
> still struggling with winbind and trying to understand how it is supposed to
> work. Let's see if someone can answer a simple resolution question so I can
> see if something is wrong with my setup.
> One PDC/LDAP (no winbind), nss with ldap. This works fine as far as I can
> tell.
> The other machine is a DMS. Let's say I have an entry like this on my
> 'getent passwd' (via LDAP):
> adorca:x:10033:513:Aleix Dorca:/home/adorca:/bin/bash
> As far as I can tell this user's uid is 10033.
> So, now the question: If a windows machine should connect to this server
> what would winbind return as uid number? 10033 via NSS_LDAP or a new mapping
> stored/created on my LDAP Server. And would this user be treated as a
> 'Domain User' or as a 'Unix User'?
> The Samba How-To Collections states on 'Winbind with NSS to resolve
> UNIX/Linux user and group IDs':
> "The use of the LDAP-based passdb backend requires use of the PADL nss_ldap
> utility or an equivalent. In this situation winbind is used to handle
> foreign SIDs, that is, SIDs from standalone Windows clients (i.e., not a
> member of our domain) as well as SIDs from another domain. The foreign
> UID/GID is mapped from allocated ranges (idmap uid and idmap gid) in
> precisely the same manner as when using winbind with a local IDMAP table."
> As I understand this having NSS with Ldap an winbind running a query to user
> 'adorca' should return uid=10033 and not a new idmap mapping. Is this
> correct?
> Please someone answer... I'm about to loose it trying to understand how this
> should work.
> Thanks,
> Aleix.
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list