[Samba] NSLCD works, do I need RFC2307 extensions enabled in AD as well?

john lists.john at gmail.com
Fri Apr 17 16:48:14 MDT 2015

Hello all,

I've just installed Samba 3.6.6 from the Debian Stable repo. I want to use
this linux box as a smb file server for windows clients.

I installed NSLCD to allow users in AD to authenticate against my linux
server per

getent passwd and getent group returns domain users with UID mappings like:

tempuser at vanguard.mydomain.org:*:16043:16043:temp

Those same users can log into the linux box with their domain credentials
via ssh and create files owned by them

However I can't figure out how to configure Samba to allow these same users
to access a samba file share via a windows 7 client. I thought that Samba
would check /etc/nsswitch.conf like other services and use ldap just like
ssh would.

the relevant part of my nsswitch.conf file looks like:

passwd:         compat ldap
group:          compat ldap
shadow:         compat ldap

Do I need to install RFC2307 extensions per

and then add something like the following to my smb.conf file?

idmap config DOMAIN:backend = ad
winbind nss info = sfu

Any advice is appreciated!



More information about the samba mailing list