[Samba] Samba forces domain members to use winbind now

Vaughan, Robert J vaughar2 at gdls.com
Thu Mar 3 20:33:50 UTC 2022

Correct, we don't have idmap entries because we were not using winbind.

As I understand it, for UNIX shell logins our LDAP is used for authentication (passwords are in there) and authorization (since the info is not in AD).

For SAMBA users, AD is for authentication and LDAP is for authorization to the share data (since the uid and gid info is all in our LDAP).

Our corp assigns the UID and GID numbers, so we can't rely on any winbind generation; we need winbind to find them in our LDAP (if that makes sense).

I thought maybe it could do that with a backend nss and the range set properly.

There is a local passwd file user that needs to map as well (which should also be found from nss with setting 'files ldap', or in the case of our Linux 'files sss').


