[Samba] fetch passwords from AD and group membership from /etc/group

Dale Schroeder dale at BriannasSaladDressing.com
Fri Jan 21 15:16:47 MST 2011

On 01/21/2011 4:54 AM, marius klausen wrote:
> Hi Takahashi,
>> While you need not run winbindd if you want to use Active Directory
>> for authentication, if you need to run, idmap_nss map help you?
> i want to use winbind to be able to log in just by providing the accountname, not domainname\accountname.
> i now added the following to my smb.conf:
> idmap domains = MYDOMAIN
> idmap uid = 6000-61000
> idmap gid = 100-3000
> idmap config MYDOMAIN: backend = nss
> which does not change anything so far (smb+winbind restarted). The uid/gid ranges cover values which are given to the account in /etc/passwd /etc/group - maybe that is wrong?
That is correct.  winbind generated uid's/gid's should not overlap the 
range of the local uid's/gid's.
The idmap gid values that are currently set could cause problems on the 
low end; but I can't say with all certainty that that is the cause of 
the symptoms you are seeing.

> best regard,
> Marius

More information about the samba mailing list