On 14 oct. 09, at 18:36, Gaiseric Vandal wrote:

I suppose it depends if Samba is configured to automatically create the underlying unix accounts when you create samba accounts. My setup doesn't. I created a "user" account in ldap for my BDC. (The unix passwd should be *LK* and the shell should be /bin/false.) Running "net rpc join" will then add the appropriate samba attributes.

I think you also need to grab the domain SID

BDC# net rpc getsid
Password:
Storing SID S-...1234 for Domain MYDOMAIN in secrets.tdb
#


However, I am not sure the domainsid for the machine is meant to match the domainsid of the domain. On my PDC, they match. On the BDC, they don't. I am not sure if I need to change that.
They should match (see e.g. http://lists.samba.org/archive/samba/2007-August/134734.html).

Group mappings do NOT seem to be stored in ldap. So you either need to copy the appropriate tdb file over or run the identical net group map commands on the BDC.
Group mappings should be stored in LDAP.
This is the purpose of the sambaGroupMapping auxiliary objectClass which
extends the posixGroup structural objectClass in a typical samba/ldap implementation.

Regards,
Thierry
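
Added example, not part of the original message: a small check that group entries exported from LDAP carry the sambaGroupMapping objectClass and a sambaSID under the domain SID, which ties together the two points above. The LDIF, DNs, group names and SIDs are constructed sample values; in practice DOMAIN_SID would be the value reported by "net rpc getsid".

```python
# Added example; SIDs, DNs and group names are constructed sample values.
# Entries are abridged to the attributes the check needs.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"  # placeholder

SAMPLE_LDIF = """\
dn: cn=Domain Admins,ou=Groups,dc=example,dc=org
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: Domain Admins
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-512

dn: cn=staff,ou=Groups,dc=example,dc=org
objectClass: posixGroup
cn: staff

dn: cn=oldgroup,ou=Groups,dc=example,dc=org
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: oldgroup
sambaSID: S-1-5-21-9999999999-8888888888-7777777777-3005
"""

def parse_ldif(text):
    """Parse simple LDIF (no folded lines, no base64 values)."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            entry.setdefault(key.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def audit_groups(entries, domain_sid):
    """Classify each posixGroup: ok, unmapped, or foreign-sid."""
    report = {}
    for e in entries:
        classes = {c.lower() for c in e.get("objectclass", [])}
        if "posixgroup" not in classes:
            continue
        sid = e.get("sambasid", [""])[0]
        if "sambagroupmapping" not in classes:
            report[e["cn"][0]] = "unmapped"       # plain unix group only
        elif sid.startswith(domain_sid + "-"):
            report[e["cn"][0]] = "ok"             # mapping lives in LDAP
        else:
            report[e["cn"][0]] = "foreign-sid"    # SID from another domain
    return report

REPORT = audit_groups(parse_ldif(SAMPLE_LDIF), DOMAIN_SID)
print(REPORT)
```

Well-known builtin groups (SIDs beginning S-1-5-32-) would show up as "foreign-sid" with this simple prefix test and need to be excluded separately.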


