Hey man, You only need to do the nsswitch stuff in order to accomplish what you described.
The pam stuff is for logging in to the unix box with an AD account, the nss stuff is necessary for the enumeration of the AD accounts + groups. So you need winbindd + libnss_winbind.so + changes to nsswitch.conf Hope this helped. Thanks, Mark -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Greg Adams Sent: 06 October 2004 05:26 PM To: [EMAIL PROTECTED] Subject: [Samba] winbind pam nsswitch question I am setting up a Samba 3.0.6 ADS member server, configured like this: Windows 2000 ADS Server Samba 3.0.6 ADS members server (Solaris 9) is a member of ADS domain Windows XP clients are members of ADS domain, require access to Samba shares on Solaris server. I'm trying to make it so that I don't have to maintain a usermap to map all of the users or groups in the ADS domain on the Solaris server. I think I still need winbindd running in order for Samba to be able to enumerate the users and groups on the ADS server, but I'm confused as to which parts of the tutorials to follow. I don't want the ADS accounts to be able to log in to the Solaris server, I just want them to be able to map drives. I also don't want to have files that the ADS accounts access to have user or group ownership based on their ADS accounts... I'd like to force all the ADS users to a single Solaris account. From looking at the tutorials, I'm thinking that I'll use Unix directory permissions to achieve that instead of "force user" in smb.conf. Here are my questions: 1. The By Example document talks about adding winbind to /etc/nsswitch.conf and putting libnss_winbind.so in my /usr/lib directory. Is this required for the situation described above, or is this only required if you want to be able to log into the Solaris server using an ADS account and password? 2. The Official Howto talks about adding pam_smbpass.so and/or pam_winbind.so entries to /etc/pam.conf. Again, is this required for the situation described above, or is this only required for logging into Unix with ADS accounts? Thanks for any info... Greg Adams -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
