On Mon, 2003-09-29 at 17:04, Gunther Schlegel wrote:
> Hi,
>
> I have noticed a strange behavior regarding samba 3 domain member
> servers:
>
> I have a LDAP based Samba3 PDC + BDC setup running and want to add a
> third machine as "Domain member server" (name: HILBERT ).
>
> Problem:
> When I look up the file ownership from a W2K Workstation Client both PDC
> and BDC show the owners account to be a domain account:
> e.g.: DOMAIN\schlegel
>
> Hilbert behaves differently. It shows local users and mapped group in
> the form:
> HILBERT\[local user on hilbert|centrally mapped group]
>
> and ldap-users like this:
>
> HILBERT\(the Users SID)
>
> I expect it to at least show mapped groups and ldap users in the form
> DOMAIN\username.
>
> I am also not quite sure whether I should run the server in "domain" or
> "user" security mode, but I found out I have to use the LDAP backend to
> get the central group mapping. I also found out that both setups work
> and that the domain setup is talking to the PDC while the user setup
> does not. This is like I expected it.
>
> However, the behavior regarding hostname vs. domainname is the same.
>
> nss_ldap + pam_ldap work fine, the UIDs are mapped on the OS level.
> Environment software is openldap 2.1.22, nss_ldap 202, RedHat 9.

Hi Gunther,

You should set 'security = domain' (that way, the user and group lists are retrieved from the PDC), no 'passdb backend'. Though 'idmap backend' should be set (SID-to-UID and SID-to-GID mappings can't be retrieved from the PDC).

Jelmer

--
Jelmer Vernooij - http://jelmer.vernstok.nl/