On a member server, the ldap backend should not be needed for user and
group look up. You do need some sort of idmapping for the unix level to
see the UID's and GID's assigned to the samba users, and use those uid's
and gid's to set file permissions.
I need to do idmapping via winbind or something else?
I haven't had much luck with member servers either. it does get trickier
when you have ldap used for both unix accounts and samba accounts. I
found it easier to configure my primary machines as domain controllers.
I need to use LDAP only for samba accounts, not local (unix)
I think generally your nsswitch.conf file should include entries to allow
but according to http://www.samba.org/samba/docs/man...csdmldapIf
I have one domain and all server are the member of this domain there
no need to use winbind at all. Did I miss something?
This means that you would be able to type "getent user1" and "getent
I don't need such case, in my case local and domain users always unique
I think it appears you are getting group information from winbind since
have the "force group" entry in smb.conf.
It's strange. When I added force user to the share description, samba set
uid of the new file from ldap
You should look at the man page for idmap_nss. In theory, this should
let you use a local backend to store the idmap entries, and the idmap
system should use map the SID's to the existing unix uid and gid. Never
worked for me in practice.
I read the man http://www.samba.org/samba/docs/man...nss.8.html but didn't
get clear understanding
Alternately, you may want to manually edit the idmap entries in ldap.
The domain controller should have automatically created them.
there are a 10-15 entries in the ou Idmap
To unsubscribe from this list go to the following URL and read the