I would like to have multiple Samba Domain Member servers, acting as file
servers, in my Active Directory domain. I've used the Samba-3 By Example and
the Official Samba-3 reference to get my first server running,
authenticating users to my AD domain, and mapping uid/gid using idmaps
through winbind. My problem is that, when I set up a second member server,
its idmaps aren't guaranteed to be identical to the first server. I know the
books mention using ldap backends when I'm using a samba PDC, but what about
when I'm using AD servers for my backend?

Should I force Samba to use ldap to access AD instead of winbind? Does
Services For Unix (SFU) extend my AD schema (Win2003) to support uid/gids
that can be accessed by winbind? Should I just rsync my mapping database to
my secondary servers? Any suggestions (other than replacing my AD
environment with a Samba PDC) would be appreciated.

Steve

[global]
unix charset = LOCALE
workgroup = MYDOMAIN
realm = MYDOMAIN.INT
server string = Samba File Server
security = ADS
client use spnego = yes
username map = /etc/samba/smbusers
log level = 1
syslog = 0
logfile = /var/log/samba/%m
max log size = 50
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
ldap ssl = no
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
wins server = 10.0.0.2
winbind separator = +
enable privileges = yes
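
The mapping divergence described in the post above, as an added example that is not part of the original message: two member servers that each hand out ids from the `10000-20000` range in first-contact order end up with different uids for the same SID, while a stateless RID-based calculation (the formula documented for Samba's `idmap_rid` backend, uid = RID - base_rid + low) gives the same answer on every server. The domain SID, the RIDs, the access order and all function and class names are constructed for illustration.

```python
# Added illustration; SIDs, user order and helper names are constructed.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed
LOW, HIGH = 10000, 20000  # "idmap uid = 10000-20000" from the posted smb.conf


class LocalAllocator:
    """Models a per-server map: each new SID gets the next free id."""

    def __init__(self, low=LOW, high=HIGH):
        self.next_id, self.high, self.table = low, high, {}

    def sid_to_uid(self, sid):
        if sid not in self.table:
            if self.next_id > self.high:
                raise RuntimeError("idmap range exhausted")
            self.table[sid] = self.next_id
            self.next_id += 1
        return self.table[sid]


def rid_to_uid(sid, domain_sid=DOMAIN_SID, base_rid=0, low=LOW, high=HIGH):
    """Algorithmic mapping: uid = RID - base_rid + low, no stored state."""
    prefix, _, rid = sid.rpartition("-")
    if prefix != domain_sid:
        raise ValueError("SID is not from the mapped domain: " + sid)
    uid = int(rid) - base_rid + low
    if not low <= uid <= high:
        raise ValueError("RID %s falls outside %d-%d" % (rid, low, high))
    return uid


def diverging(map_a, map_b):
    """Return SIDs present on both servers whose ids differ."""
    return sorted(s for s in map_a.keys() & map_b.keys() if map_a[s] != map_b[s])


def simulate():
    alice, bob, carol = (DOMAIN_SID + "-%d" % r for r in (1105, 1106, 1107))
    fs1, fs2 = LocalAllocator(), LocalAllocator()
    for sid in (alice, bob, carol):      # order users first touch server 1
        fs1.sid_to_uid(sid)
    for sid in (carol, alice, bob):      # different first-contact order on server 2
        fs2.sid_to_uid(sid)
    return fs1.table, fs2.table, {s: rid_to_uid(s) for s in (alice, bob, carol)}
```

Running `diverging()` over the two allocator tables lists every SID whose file ownership would differ between the servers; the RID-based table has no per-server state to drift.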