On Thursday 09 August 2007 15:58, Angela Gavazzi wrote: > My working nsswitch.conf look like this: > > passwd: files winbind ldap > group: files winbind ldap > shadow: files winbind ldap > > By, Angela Can nss_winbind be used against a Samba domain? AFAICS it is only used to identify users/groups of Windows domains. Please correct me if I'm wrong.
I found three options to allow windows users to manage ACLs in their homes on a Samba server which is joined to a Samba domain and uses nss_ldap against the DC's backend LDAP server. option 1: basic smb.conf - winbind needed to add ACLs - "winbind trusted domains only = yes" needed so that the domain appears in the original ACLs (and not the NetBIOS name of the server) and winbind_idmap.tdb maps domain users/groups to their LDAP uids/gids option2: smb.conf with LDAP idmap backend Same requirements. Note that as above I need to define ranges for idmap uid and gid although winbindd_idmap.tdb never changes option3: smb.conf with LDAP passdb backend - winbind needed (but netlogon proxy only mode is OK) otherwise ACLs can be added but when displayed users/groups are not resolved Are there other options? What is the best in terms of performance? While I can imagine why winbind is needed for option 1 I don't see - why it can't be used in netlogon proxy only mode for option 2 and - why it is needed at all for otion 3. Regards, Thierry. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba