Daniel, thanks for your answer. What you say it is absolutely true. That was my first attempt to get things woking, avoid if possible Winbind, and IT DID work UNTIL I added ACL's on shares. After that it seems winbind was unavoidable. Then all the confusion began.
Still stuck, I'm afraid. Aleix. El 21/02/2011, a las 9:11, Daniel Müller escribió: > If I have understood right:you have a PDC/LDAP-Samba!!! And no Windows > Server and no Windows ADS so you do not need winbind at all. > Just make the Windows Server a member of your Samba-Server that’s it. > > ----------------------------------------------- > EDV Daniel Müller > > Leitung EDV > Tropenklinik Paul-Lechler-Krankenhaus > Paul-Lechler-Str. 24 > 72076 Tübingen > > Tel.: 07071/206-463, Fax: 07071/206-499 > eMail: muel...@tropenklinik.de > Internet: www.tropenklinik.de > ----------------------------------------------- > > -----Ursprüngliche Nachricht----- > Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im > Auftrag von Aleix Dorca > Gesendet: Samstag, 19. Februar 2011 21:40 > An: samba@lists.samba.org > Betreff: [Samba] Please, help me clarify (winbind). > > Hi again, > > still struggling with winbind and trying to understand how it is supposed to > work. Let's see if someone can answer a simple resolution question so I can > see if something is wrong with my setup. > > One PDC/LDAP (no winbind), nss with ldap. This works fine as far as I can > tell. > > The other machine is a DMS. Let's say I have an entry like this on my > 'getent passwd' (via LDAP): > > adorca:x:10033:513:Aleix Dorca:/home/adorca:/bin/bash > > As far as I can tell this user's uid is 10033. > > So, now the question: If a windows machine should connect to this server > what would winbind return as uid number? 10033 via NSS_LDAP or a new mapping > stored/created on my LDAP Server. And would this user be treated as a > 'Domain User' or as a 'Unix User'? > > The Samba How-To Collections states on 'Winbind with NSS to resolve > UNIX/Linux user and group IDs': > > "The use of the LDAP-based passdb backend requires use of the PADL nss_ldap > utility or an equivalent. In this situation winbind is used to handle > foreign SIDs, that is, SIDs from standalone Windows clients (i.e., not a > member of our domain) as well as SIDs from another domain. The foreign > UID/GID is mapped from allocated ranges (idmap uid and idmap gid) in > precisely the same manner as when using winbind with a local IDMAP table." > > As I understand this having NSS with Ldap an winbind running a query to user > 'adorca' should return uid=10033 and not a new idmap mapping. Is this > correct? > > Please someone answer... I'm about to loose it trying to understand how this > should work. > > Thanks, > > Aleix. > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
