Hello everyone,

In my new Samba environment, I have a few servers that use LDAP for Unix accounts (via PADL's NSS stuff). This is working fine for Unix accounts, and everything is in LDAP. These servers are also going to run Samba, with the ldapsam backend.

I've noticed that ldapsam allows me to maintain a UID<->SID mapping by simply putting the SID in the sambaSID attribute for a (domain) user. That is, I can manually assign the SID when I create the account. Is there any simple equivalent thing for GID<->SID mappings for groups? I'd really like to just choose a SID when I choose a GID at the same time I'm adding the group. And I'd like it to be a SID that matches the domain SID; that would help keep things uniform across servers.

I've looked at the documentation quite a lot, and the only thing I've seen allusions to so far that allows GID<->SID mapping to be stored in LDAP is using idmap with winbind. It seems very strange to me that there's an easy way to do this (without winbind) for users but there isn't for groups. For what it's worth, I'm trying to avoid winbind (at least, using NSS going through winbind) because the new PDC is also to be a Samba file server, smtp/pop3/imap mail server, etc. Basically, I just want all Unix UIDs and GIDs and all SIDs to be specified manually in LDAP.

I notice in the figures in Chapter 11 of the official HOWTO that it shows "winbind" querying ldapsam to do GID<->SID mapping. Is it possible that "winbind" (one "d") refers to "winbindd" (two "d"s -- the daemon) and this implies that I can have LDAP-based GID<->SID mapping by running the winbindd daemon but not setting up winbind anywhere in /etc/nsswitch.conf?

Thanks for any insight -- I've spent hours today looking through the documentation and I've learned a lot, but I haven't learned the one thing I need to know... :-)

- Logan