Re: [Samba] Linux member server, or something else?
It's possible to use nss_ldap and idmap backend = nss and no winbind, like you are describing. It's also possible to use nss_winbind and no nss_ldap, however there has been a bug on the server side that has stopped this from working. So the option above is your only option unless you have a version of samba on the server side that isn't affected by the bug. Regards, David On Tue, 30 Jun 2009 00:59:16 -0300, Norberto Bensa nbe...@gmail.com wrote: Hello, On Mon, Jun 29, 2009 at 11:11 PM, John Drescherdresche...@gmail.com wrote: I have a Samba PDC with an LDAP backend password database, against which WinXP clients authenticate. I also have a Ubuntu workstation, which authenticates directly to the same LDAP password database (no Samba). I now wish to have the WinXP clients be able to map shares on the Ubuntu workstation, so I obviously need to get Samba working on it. I can slog through the technical details, but I want to make sure I have the concept properly figured out - will the Ubuntu workstation be a member server, configured as such per the Samba documentation using Winbind, or is there a different way I should be thinking about this? Thanks for any general pointers. That is what I have with my samba setup. I mean I have a PDC, a BDC, 3 to 5 LDAP servers and 5 or so member servers. On my PDC and BDC there are no real file shares. The member servers have that. My member servers have winbind. At work, we're in the process of starting a migration of our Windows XP clients to Ubuntu. My PDC is a Samba server running on Ubuntu Hardy with LDAP backend. I'm testing with my workstation (Ubuntu Jaunty). Samba uses the PDC as a password server. Users and groups are read from LDAP via nsswitch (i.e. nothing about LDAP in smb.conf on the client). Also, no winbind. It seems to work, but I want to know if I'm missing something. Why should I run winbind? If I need to run winbind, does it need to run on server _and_ clients? Many thanks in advance, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Linux member server, or something else?
On Tue, Jun 30, 2009 at 7:29 AM, David Markeydmar...@dodds.dmarkey.com wrote: It's possible to use nss_ldap and idmap backend = nss and no winbind, like you are describing. Why do I need idmap? I mean, from what I understand, idmap only purpose is to help winbind ensure uid and gid are the same across servers. If I use LDAP to store users accounts and groups, these id are the same. It's also possible to use nss_winbind and no nss_ldap, however there has been a bug on the server side that has stopped this from working. So the option above is your only option unless you have a version of samba on the server side that isn't affected by the bug. In the past, winbind used to give headaches. I want to avoid it if I can :-) Regards, David Thanks! Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Linux member server, or something else?
On Tue, Jun 30, 2009 at 7:29 AM, David Markeydmar...@dodds.dmarkey.com wrote: It's possible to use nss_ldap and idmap backend = nss and no winbind, like you are describing. Why do I need idmap? I mean, from what I understand, idmap only purpose is to help winbind ensure uid and gid are the same across servers. If I use LDAP to store users accounts and groups, these id are the same. Without idmap ACLs do not work on member servers. I mean changing ACLs on files in windows does not work as expected. -- John M. Drescher -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Linux member server, or something else?
On Tue, Jun 30, 2009 at 10:39 AM, John Drescherdresche...@gmail.com wrote: On Tue, Jun 30, 2009 at 7:29 AM, David Markeydmar...@dodds.dmarkey.com wrote: It's possible to use nss_ldap and idmap backend = nss and no winbind, like you are describing. Why do I need idmap? I mean, from what I understand, idmap only purpose is to help winbind ensure uid and gid are the same across servers. If I use LDAP to store users accounts and groups, these id are the same. Without idmap ACLs do not work on member servers. I mean changing ACLs on files in windows does not work as expected. Ok. So, is this idmap backend = nss a valid option? I can't find information about it in man smb.conf I'm using samba-3.0.28a (ubuntu hardy). John M. Drescher Thanks! Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Linux member server, or something else?
On Tue, Jun 30, 2009 at 11:15 AM, Norberto Bensanbe...@gmail.com wrote: On Tue, Jun 30, 2009 at 10:39 AM, John Drescherdresche...@gmail.com wrote: On Tue, Jun 30, 2009 at 7:29 AM, David Markeydmar...@dodds.dmarkey.com wrote: It's possible to use nss_ldap and idmap backend = nss and no winbind, like you are describing. Why do I need idmap? I mean, from what I understand, idmap only purpose is to help winbind ensure uid and gid are the same across servers. If I use LDAP to store users accounts and groups, these id are the same. Without idmap ACLs do not work on member servers. I mean changing ACLs on files in windows does not work as expected. Ok. So, is this idmap backend = nss a valid option? I can't find information about it in man smb.conf I'm using samba-3.0.28a (ubuntu hardy). I do not remember what version that was added. 3.0.28 is pretty old though. I am using 3.0.33 or greater on all of my production servers. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Linux member server, or something else?
Hello list! I have a Samba PDC with an LDAP backend password database, against which WinXP clients authenticate. I also have a Ubuntu workstation, which authenticates directly to the same LDAP password database (no Samba). I now wish to have the WinXP clients be able to map shares on the Ubuntu workstation, so I obviously need to get Samba working on it. I can slog through the technical details, but I want to make sure I have the concept properly figured out - will the Ubuntu workstation be a member server, configured as such per the Samba documentation using Winbind, or is there a different way I should be thinking about this? Thanks for any general pointers. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Linux member server, or something else?
I have a Samba PDC with an LDAP backend password database, against which WinXP clients authenticate. I also have a Ubuntu workstation, which authenticates directly to the same LDAP password database (no Samba). I now wish to have the WinXP clients be able to map shares on the Ubuntu workstation, so I obviously need to get Samba working on it. I can slog through the technical details, but I want to make sure I have the concept properly figured out - will the Ubuntu workstation be a member server, configured as such per the Samba documentation using Winbind, or is there a different way I should be thinking about this? Thanks for any general pointers. That is what I have with my samba setup. I mean I have a PDC, a BDC, 3 to 5 LDAP servers and 5 or so member servers. On my PDC and BDC there are no real file shares. The member servers have that. My member servers have winbind. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Linux member server, or something else?
Hello, On Mon, Jun 29, 2009 at 11:11 PM, John Drescherdresche...@gmail.com wrote: I have a Samba PDC with an LDAP backend password database, against which WinXP clients authenticate. I also have a Ubuntu workstation, which authenticates directly to the same LDAP password database (no Samba). I now wish to have the WinXP clients be able to map shares on the Ubuntu workstation, so I obviously need to get Samba working on it. I can slog through the technical details, but I want to make sure I have the concept properly figured out - will the Ubuntu workstation be a member server, configured as such per the Samba documentation using Winbind, or is there a different way I should be thinking about this? Thanks for any general pointers. That is what I have with my samba setup. I mean I have a PDC, a BDC, 3 to 5 LDAP servers and 5 or so member servers. On my PDC and BDC there are no real file shares. The member servers have that. My member servers have winbind. At work, we're in the process of starting a migration of our Windows XP clients to Ubuntu. My PDC is a Samba server running on Ubuntu Hardy with LDAP backend. I'm testing with my workstation (Ubuntu Jaunty). Samba uses the PDC as a password server. Users and groups are read from LDAP via nsswitch (i.e. nothing about LDAP in smb.conf on the client). Also, no winbind. It seems to work, but I want to know if I'm missing something. Why should I run winbind? If I need to run winbind, does it need to run on server _and_ clients? Many thanks in advance, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba