On Thursday 09 August 2007 13:28:49 Thierry Lacoste wrote:
>
> Thanks Henrik.
> Can someone explain why or point me to some doc?
> What I read everywhere is that winbind is used to identify users of a
> windows domain at the NSS level (mapping them locally with
> winbindd_idmap.tdb or globally with ldap) while my users are correctly
> identified by nss_ldap.
>
> What puzzles me is that I didn't touch my /etc/nsswitch.conf which reads:
> group: files ldap
> hosts: files dns
> networks: files
> passwd: files ldap
>
> Is this a common setting to use winbind for samba and not for NSS?

My working nsswitch.conf looks like this:

passwd: files winbind ldap
group: files winbind ldap
shadow: files winbind ldap

Bye,
Angela

>
> Also I realized that my smb.conf was not entirely functional.
> When I create a file with XP the domain part of the initial ACLs
> is the NetBIOS name of the server and not my domain name.
> Moreover when I pick a domain group (which truly appears as
> a domain group) to add it in the ACLs of the file it is mapped
> to gid 10000 through entries in winbindd_idmap.tdb.
>
> Adding the following lines to my smb.conf solved the problem.
> passdb backend = ldapsam:ldap://aldap1.stars.net
> ldap ssl = start_tls
> ldap suffix = o=stars
> ldap admin dn = cn=sambamgr,ou=Managers,o=stars
> ldap machine suffix = ou=Computers,ou=Accounts
> ldap user suffix = ou=Users,ou=Accounts
> ldap group suffix = ou=Groups
>
> In this case getfacl reports the correct group and winbindd_idmap.tdb
> appears to never change.
> Still I need the idmap lines to be able to add ACLs.
>
> Regards,
> Thierry.
>
> > > workgroup = STARS
> > > netbios name = CAPELLA
> > > security = DOMAIN
> > > name resolve order = wins bcast
> > > wins server = castor
> > > netbios aliases = AHOMES APROFILES
> > > password server = ALDAP1 ALDAP2
> > >
> > > log level = 2
> > >
> > > idmap gid = 10000-20000
> > > idmap uid = 10000-20000
> > >
> > > [homes]
> > > comment = Home Directories
> > > valid users = %S
> > > read only = No
> > > browseable = No
> > >
> > > [Profiles]
> > > comment = Roaming Profile Share
> > > path = /export/profiles
> > > read only = No
> > > profile acls = Yes
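
The difference between the two nsswitch.conf files in this thread can be checked mechanically. The following is an added example, not code from either poster or from Samba: it parses the quoted files and reports which `idmap` ranges have no `winbind` source in the matching NSS database, so IDs that winbindd allocates from them (such as the gid 10000 mentioned above) are not resolved by NSS through winbind. The function names and embedded sample strings are assumptions built from the quoted lines.

```python
import re

# Constructed inputs: the nsswitch.conf variants and idmap lines quoted in the thread.
NSS_THIERRY = """group: files ldap
hosts: files dns
networks: files
passwd: files ldap
"""
NSS_ANGELA = """passwd: files winbind ldap
group: files winbind ldap
shadow: files winbind ldap
"""
SMB_CONF = """security = DOMAIN
idmap gid = 10000-20000
idmap uid = 10000-20000
"""

def nss_sources(text):
    """Map each nsswitch.conf database to its ordered list of sources."""
    out = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        db, rest = line.split(":", 1)
        # Drop action items such as [NOTFOUND=return]; keep only source names.
        out[db.strip()] = re.sub(r"\[[^\]]*\]", " ", rest).split()
    return out

def idmap_ranges(text):
    """Return e.g. {'gid': (10000, 20000)} from 'idmap uid/gid = low-high' lines."""
    pat = r"(?im)^\s*idmap\s+(uid|gid)\s*=\s*(\d+)\s*-\s*(\d+)\s*$"
    return {m[1].lower(): (int(m[2]), int(m[3])) for m in re.finditer(pat, text)}

def ranges_without_nss_winbind(nss_text, smb_text):
    """idmap ranges whose NSS database (passwd/group) has no winbind source."""
    src = nss_sources(nss_text)
    db_for = {"uid": "passwd", "gid": "group"}
    return [(kind, rng) for kind, rng in sorted(idmap_ranges(smb_text).items())
            if "winbind" not in src.get(db_for[kind], [])]

if __name__ == "__main__":
    for who, nss in (("Thierry", NSS_THIERRY), ("Angela", NSS_ANGELA)):
        print(who, ranges_without_nss_winbind(nss, SMB_CONF))
```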