OK, payment in advance: :-) :-) :-)

Wait a minute, let me change currencies....

       _.-'''''-._
     .'  _     _  '.
    /   (o)   (o)   \
   |                 |
   |  \           /  |
    \  '.       .'  /
     '.  `'---'`  .'
       '-._____.-'


       _.-'''''-._
     .'  _     _  '.
    /   (o)   (o)   \
   |                 |
   |  \           /  |
    \  '.       .'  /
     '.  `'---'`  .'
       '-._____.-'


       _.-'''''-._
     .'  _     _  '.
    /   (o)   (o)   \
   |                 |
   |  \           /  |
    \  '.       .'  /
     '.  `'---'`  .'
       '-._____.-'


John H Terpstra wrote:

Something I haven't seen in print yet - so I'll ask the question.  WHEN
is the appropriate time to use winbind with PDC's and BDC's?

Winbind is needed when you have domain member servers, and to deal with SIDs for users of trusted foreign domains. Winbind is essential for interdomain trust handling.

If all your clients are domain members, and you never get clients from trusted domains on the network, you do not need winbind. You can operate without it without loss of service, but you will not have use of BUILTIN groups (these are created and managed by winbind).

Almost there.  Really....

Do I NEED those builtin groups for anything? Do I WANT those builtin groups for anything (besides avoiding those nuisance error messages in my samba logs)?

If a couple clients are non-domain members (laptops that periodically plug-in) - but still no trusted domains involved - is there any need for winbind?
First: Do NOT use a domain name that has a '.' in it. That has unexpected name resolution consequences. A Samba smb.conf workgroup= parameter should not have a dot in it.

Ok...now that I've set up everything (again, for the nth time), do I need to reconfigure the server and every client? Or just rename it on the server and the change will automagically propagate?

And beyond updating my srv records, will this have other DNS consequences?
        idmap domains = AMFESLAN.LOCAL
        idmap alloc backend = ldap
        winbind enum users = Yes
        winbind enum groups = Yes
        idmap alloc config:range = 10000-20000
        idmap alloc config:ldap_url = ldap://127.0.0.1
        idmap alloc config:ldap_base_dn = ou=idmap,dc=amfeslan,dc=local
        idmap config AMFESLAN.LOCAL:range = 10000-20000
        idmap config AMFESLAN.LOCAL:ldap_url = ldap://127.0.0.1
        idmap config AMFESLAN.LOCAL:ldap_base_dn = ou=idmap,dc=amfeslan,dc=local
        idmap config AMFESLAN.LOCAL:backend = ldap
        idmap config AMFESLAN.LOCAL:default = yes

IDMAP is used to allocate unique UID/GID's for users from a trusted domain so they can access resources in our domain. IDMAP is also used to create BUILTIN groups.
Ok...that part I get.  What I don't get -
1.  Is the above config (other than the domain name) correct?
2. How does this config differ from my original one - since the docs say the previous version should have worked?

--
Daniel