On Tue, 2003-09-30 at 12:27, Gunther Schlegel wrote: > > You should set 'security = domain' (that way, the user and group lists > > are retrieved from the PDC), no 'passdb backend'. Though 'idmap backend' > > should be set (SID-to-UID and SID-to-GID mappings can't be retrieved > > from the PDC). > > This is in fact the first configuration I tried because it seemed to be > the "natural" solution. > > I still have some questions and hope you can help me again: > > a) I had to use winbind to get any use of the passdb backend setting. > However, in opposite to the HowTo Collection §10.2.3 / Example table > 10.1 the line in smb.conf had to be > > idmap backend = ldap:ldap://leibniz.rsidus.riege.de, and not > ^^^^ > > idmap backend = ldapsam:ldap://leibniz.rsidus.riege.de > ^^^^^^^ Thanks, I fixed it in the documentation.
> b) am I supposed to use winbind at all? I am already using pam_ldap and > nss_ldap on the server. The winbind settings are: > > idmap uid = 10000-20000 > idmap gid = 10000-20000 > winbind trusted domains only = yes > > The UIDs/GIDs actually used in LDAP are in between 600 and 3000. I figure idmap is not working correctly (or it's supposed to work differently as the last time I looked at it..) > c) net groupmap still does not list anything. 'net groupmap list' does not give any output _at all_ ? > d) In windows the system still shows the rights as [member > server]\username instead of DOMAIN\username. > > e) do I have to adjust the member servers SID? It created it's own one > and it is different from the domains SID. Have you joined the domain correctly? Each workstation also has it's own SID, so that shouldn't be a problem. -- Jelmer Vernooij - http://jelmer.vernstok.nl/
signature.asc
Description: This is a digitally signed message part
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba