Dear all,
I've got a question concerning winbind and idmap. I've been googling for
days and read through the official HOWTO but still cannot find the answer.
My situation is as follows:
I have a UNIX infrastructure (including NFS) with all user information
stored in LDAP for distributed passwd/group/shadow using nsswitch. I also
have Windows 2003 AD (MYREALM) set up. I want to set up a Samba DMS under the
realm MYREALM. Everything works fine.
However, I also want to allow the windows users to manipulate the ACLs of
the files on the samba share. This creates a problem. If I don't use
winbind, the ACEs on the files cannot contain any SIDs from the AD domain
(MYREALM). If I use winbind with tdb or LDAP backend, winbind will map the
SID to a new UID different from the existing UIDs for the UNIX user
accounts.
I want to ask how I can map SIDs to existing UIDs if the username is
identical between the Unix world and the AD world.
Any suggestions? Or any pointers to documentation/HOWTO?
Thanks x 100000
Cheers,
Jacky Hui