I think I'm getting a better idea of what's required for this... One
thing that I've noticed is that since my user and group management tools
already store the sambaSID attributes in the user/group entries, along
with uidNumber/gidNumber, all that I need to do to make these entries
valid for winbind is add the sambaIdmapEntry objectclass.

Now, in theory my directory is a complete database, usable by winbind
for its idmap functions. However, winbind still seems to require an
admin dn and password to be saved locally. I'd really rather that
winbind treat the directory as a read-only repository of data. Is that
possible?

Gordon Messmer wrote:
I have a domain member server running samba 3. NSS info currently comes
from ldap, and the PDC is another samba 3 host. The PDC is also using
the ldap server for its data.

I'm not clear on how winbind is used in this configuration. When I look
at the owner/group of files from a Windows workstation, I see names of
the form "MYHOST\gmessmer" rather than "MYDOMAIN\gmessmer". I presume
that this is so because samba can map my domain login
(MYDOMAIN\gmessmer) to the unix user "gmessmer", but can't do the
reverse without winbind.

What is the minimum amount of configuration needed to provide this
reverse mapping? Do I have to go so far as to replace the NSS source
with winbind?