Hi, I'm trying to set up a single sign-on system across both Linux and Windows with a Samba3 PDC and OpenLDAP backend. I've been trying to follow the documentation included with Samba3 but I don't seem to be having much success.
So I have a few questions.

#1: What services are necessary for this to work? I know smbd, nmbd and slapd are for sure required. But I can't figure out whether winbindd should be running with this system or not. As far as I understand, it is. It will provide the ability for domain users to log into Linux systems with their domain credentials.

#2: How do the idmap mappings get created? I have the ldap idmap suffix option set to a valid location but I've never seen any entries get put in there.

#3: What constitutes a domain group in ldapsam? From what I can tell, the sambaGroupMapping object class indicates a domain group. But every domain group needs to map to a posixGroup objectclass entry. So if every domain group has a one-to-one mapping to a group gid, why is there a need for winbindd to generate mappings for domain groups?

#4: Is there an easy way to test the smbd+slapd configuration? I want to make sure that those two are configured and working correctly before I start expanding the configuration to adding other machines to the domain.

#5: When I run wbinfo -u or wbinfo -g, both return with "Error looking up domain [users|groups]", but if I try wbinfo -n <testuser> I actually get a SID back. What could cause this?

Any help would be appreciated. If someone has a Samba3 PDC + OpenLDAP system set up, a dump in LDIF format (with sensitive info removed) of the LDAP directory would be a great help, as well as sample smb.conf's or any other suggestions.

Thanks.

Jake
