Im no friend of winbind. But you need the idmap-thing with winbind. And I
agree with you that there is NO!!! realy good howto
about using winbind in the newer versions of samba, no step by step.
But as far as I used it, winbind mapped the user of an windows domain or ads
to the samba machine as if they where local users there.
Then you can grant rights on shares, use domain-groups....
As you are using ads you should have a look at samba4.
Greetings
Daniel
-----------------------------------------------
EDV Daniel M?ller
Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 T?bingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de
-----------------------------------------------
-----Urspr?ngliche Nachricht-----
Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
Im
Auftrag von Robert Cohen
Gesendet: Donnerstag, 24. Februar 2011 07:26
An: samba at lists.samba.org
Betreff: [Samba] Is it a good idea/required to run winbind
We've been running a samba service for many years but have stuck using
3.0.24. Every version I tried after 3.0.24 seemed to have reliability
problems.
But if every version since 3.0.24 was broken I assume someone would have
noticed by now :-). So I'm guessing we're doing somethng idiosyncratic
and/or stupid..
The config we have is that our samba server (solaris) is getting uid/gid
info using NSS from ldap.
But all the users are also in an ADS domain which is synchronised with the
ldap servers by an identity management system.
So we do authentication from ADS.
The relevant parts of the config are
netbios name = xxx
security = ADS
realm = yyy.domain
password level = 0
local master = no
domain master = no
encrypt passwords = yes
The samba server was joined to the domain using "net ads join".
We were running smbd and nmbd but not winbind (since we werent using samba
for NSS).
And that worked fine up through 3.0.24
After 3.0.24, it stopped working reliably.