Hi Jelmer, thanks for your message.
> You should set 'security = domain' (that way, the user and group lists > are retrieved from the PDC), no 'passdb backend'. Though 'idmap backend' > should be set (SID-to-UID and SID-to-GID mappings can't be retrieved > from the PDC). This is in fact the first configuration I tried because it seemed to be the "natural" solution. I still have some questions and hope you can help me again: a) I had to use winbind to get any use of the passdb backend setting. However, in opposite to the HowTo Collection �10.2.3 / Example table 10.1 the line in smb.conf had to be idmap backend = ldap:ldap://leibniz.rsidus.riege.de, and not ^^^^ idmap backend = ldapsam:ldap://leibniz.rsidus.riege.de ^^^^^^^ b) am I supposed to use winbind at all? I am already using pam_ldap and nss_ldap on the server. The winbind settings are: idmap uid = 10000-20000 idmap gid = 10000-20000 winbind trusted domains only = yes The UIDs/GIDs actually used in LDAP are in between 600 and 3000. c) net groupmap still does not list anything. d) In windows the system still shows the rights as [member server]\username instead of DOMAIN\username. e) do I have to adjust the member servers SID? It created it's own one and it is different from the domains SID. regards, Gunther -- Gunther Schlegel Riege Software International GmbH Manager System Administration Mollsfeld 10 40670 Meerbusch, Germany Email: [EMAIL PROTECTED] Phone: +49-2159-9148-0 Fax: +49-2159-9148-11 --------------------------------------------------------------------- Disclaimer: You may grab my GPG key from http://www.keyserver.net . A nonproportional font is recommended for reading.
signature.asc
Description: This is a digitally signed message part
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
