Hi, On Thu, 2005-09-29 at 17:36 +0200, paul kölle wrote:
> Kristof Bruyninckx wrote: > > But still there are some new problems that popped up. wbinfo -u ,wbinfo > > -g and wbinfo -t still work. > > Also getent passwd works, and shows me all the windows accounts, but it > > is very slow, when starting this command the LDAP starts pumping a lot > > of messages into /var/log/message, this in it self is not a real problem > > since the debugging is turned to maximum. > logging slows things down, additionally you might consider adding > indexes for the relevant attributes to slapd.conf, shut down the ldap > server run slapindex and start again. > It was indeed the logging which was slowing me down so badly, turned of debugging and the system is very responsive now. > > But even do getent passwd is working, I cannot perform id > > <Windows.Usename> > Hmm, I'd expect id should work for root as soon as getent works for > root. Stop nscd if running. I'm sure you alread red this: > http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html > > nor login as that user. > You have set up pam_winbind have you? > > ldapsearch -x -b 'dc=thales,dc=be' '(objectclass=*)' also doesn't show me > > any entry, and > > if I'm not mistaken it should display everything. > No, this is an anonymous search and your ACLs do not grant anonymous > read access. I don't know if that is a problem for nss_winbind though, > try changing your last ACL to: > Also is no longer giving me any problems, and displays all the users. > access to * > by dn.base="uid=samba,ou=Idmap,dc=thales,dc=be" write > by self write > by users read > by * read > > If that helps you will have to investigate which component uses > anonymous binds and if that can be changed. > > cheers > Paul > But I have one more question, I configured a LDAP client, and on this machine I can see all the normal NIS users, but I don't see any windows users. This might sound stupid but this was what how I expected it to work. Sometimes it takes a while for the brain to catch a clue :). Now my question would be, how to setup the client, to use the mapping stored into the LDAP server. If this is possible, since at the moment I'm a bit confused. Do I have to perform this setup on every server to Unify SID to UID/GID mapping. Or how can I use the LDAP server I just setup for this purpose, sorry if this question is well documented somewhere, but I haven't found anything yet, maybe because I was asking the wrong questions. Cheers, -- Bruyninckx Kristof Thales Services Division GNU&Linux/Unix System Administrator / Test developer Tel: 02/674.76.49.19 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
