[Samba] Samba as AD member & without winbind...
Rowland penny
rpenny at samba.org
Fri Oct 30 13:33:43 UTC 2020
On 30/10/2020 13:17, Ralph Boehme wrote:
> Am 10/30/20 um 12:39 PM schrieb Rowland penny via samba:
>> On 30/10/2020 11:20, Ralph Boehme wrote:
>>> Am 10/30/20 um 12:11 PM schrieb Rowland penny via samba:
>>>> On 30/10/2020 11:06, Ralph Boehme via samba wrote:
>>>>> Am 10/30/20 um 10:20 AM schrieb Thomas Besser via samba:
>>>>>> Can I configure winbind to use 'local' users and groups from
>>>>>> NSS?
>>>>> there's idmap_nss that may work for you.
>>>>>
>>>>> -slow
>>>> Already mentioned that, problem is it is an allocating backend,
>>>> unless I am reading the manpage wrong.
>>> ah, missed that. :)
>>>
>>> idmap_nss is not an allocating backend, I guess the manpage text
>>> might be a bit misleading.
>> A bit ?
>>
>> 'while using allocation to create new mappings'
> well, the full text reads:
>
> This example shows how to use idmap_nss to check the local accounts
> for its own domain while using allocation to create new mappings for
> trusted domains
>
> [global]
> idmap config * : backend = tdb
> idmap config * : range = 1000000-1999999
>
> idmap config SAMBA : backend = nss
> idmap config SAMBA : range = 1000-999999
>
> As trusted domains are handled by the default domain *, the sentence is
> correct.
>
> Patches welcome to improve the wording. :)
>
> -slow
>
OK, before I go to the trouble of creating a patch, how about this instead:
This example shows how to use idmap_nss to obtain the local account
ID's for its own domain (SAMBA) from NSS, whilst allocating new mappings
for the default domain (*) and any trusted domains.
Rowland
More information about the samba
mailing list