[Samba] Samba winbind getgroups lookup
rpenny at samba.org
Fri Oct 4 14:50:37 UTC 2019
On 04/10/2019 15:16, Satay Epic wrote:
> Ok. Wondering if it fix by changing the idmap backend to "ad" ?
If your only problem is that you are getting a message in your logs
about checking for groups for 'root', then I would not worry it. The
advantage of using the 'ad' backend is that you get the same Unix ID
everywhere (including on Samba AD DCs) and get to use RFC2307 attributes
on Unix domain members. However, you will still need to map
Administrator to root.
> Is "ad" backend a better option than "rid" since we have MS AD or otherwise ?
> My next task is to ensure PAM is setup correctly with winbind. I'm
> going to validate the PAM configs.
Pity you are not using Debian, just installing the correct packages does
this for you, not sure if this happens on Centos.
> Do you have any recommendations of PAM / winbind settings?
Not really, I use Devuan
> We also having "nscd" running for the DNS host lookup. Is it right to
> have "nscd" running beside "winbind"?
If nscd is only caching dns, then you can run it on a Unix domain
member, but I would rather run a caching/forwarding nameserver on the
unix domain members.
More information about the samba