Hello everybody, I have set up authentication for a Linux Host using MS SFU. Works fine: "getent passwd" show my users, they can login..." On the same host I want to set up Samba 3.0.9 as a domain member. The question: Can I use the AD Controller as "idmap_backend" _directly_ , skipping the use of winbind ? The problem with using winbind is that users will show up twice in "getent passwd" and the parallel use of NFS becomes a problem, as files belong to the winbind user if created with Samba , and to the "SFU User" if created with NFS. I hope this can be understood. Let me know if you need more details Regards Dan
Gerald (Jerry) Carter
2005-Jul-06 15:03 UTC
[Samba] AD Domain Member: User Mapping w/out winbind ?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dan Am wrote: | Hello everybody, | I have set up authentication for a Linux Host | using MS SFU. Works fine: "getent passwd" show my | users, they can login..." | | On the same host I want to set up Samba 3.0.9 as a | domain member. The question: Can I use the AD Controller | as "idmap_backend" _directly_ , skipping the use | of winbind ? The problem with using winbind is that | users will show up twice in "getent passwd" and the | parallel use of NFS becomes a problem, as files belong | to the winbind user if created with Samba , and | to the "SFU User" if created with NFS. Dan, Just don't define the idmap uid/gid parameters in smb.conf. Winbindd will still run but not allocate any uids or gids for accounts. cheers, jerry ====================================================================Alleviating the pain of Windows(tm) ------- http://www.samba.org GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc "I never saved anything for the swim back." Ethan Hawk in Gattaca -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCy/KoIR7qMdg1EfYRAliFAJ94xoGeZfq546SZ6Sq+bEAPKKm8qACfckkx C5NHjwAGbfdZJvznWSNwmOk=wNKk -----END PGP SIGNATURE-----