Have answered some of my own questions by RTFM ( see below ). Still interested to know if anyone has any ideas on replicating tdbs or if ldap backend is much easier.
Also, is there any way to get a user in a trusted domain with a unix account on the server to exhibit the same behaviour as that which you get with "winbind trusted domains only = yes" for the samba server domain, i.e. is there any way to extend the behaviour to have a list of domains for which winbind id mapping should not happen if an existing unix account is in place?

Any info would be greatly appreciated.

thanks
tim

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Wright, Tim (ANTS)
Sent: 20 February 2004 14:17
To: '[EMAIL PROTECTED]'
Subject: [Samba] Samba as AD domain member

Hi

we're running 3.0.1 on Solaris 9 ( with NIS/flat files as the NS ) as a member server of the AD domain ( via kinit and then net join ). There's a couple of things we've noticed and I'm not sure if they're just the way it works or configuration problems:

(1) we assign the gid and uid mappings with idmap in smb.conf and I thought that winbindd would not assign uid/gids if they are already present, which appears not to be the case?

No, it isn't the case, as the smb.conf man page very clearly states.

(2) all we are using winbindd for is to give access to file shares ( not for logging into the unix server with AD account or anything ), and we seem to have a slight issue in that

(i) an AD user with no unix account accesses a share and winbindd creates a unix account for it and it is granted access to the share if it satisfies the valid users etc - good

(ii) an AD user with a valid unix account ( with the same username in AD and NIS ) tries to access a share and smbd now validates the user as AD\username rather than just username - bad

If you set winbind trusted domains only = yes then this is fine for users in the same AD domain as the Samba server.

(3) Occasionally things just seem to stop working and the only way I can find to fix it is to clear out the lockdir of all tdb files and restart ( symptoms will be things like net status sessions hangs, net groupmap list hangs, wbinfo -r starts having issues )

(4) The samba stuff is running on a cluster ( active passive with daemons running on both nodes all the time and just the share configuration failing over ) - is there any way of ensuring that the tdb files are consistent between the two ( I saw something on this list about a similar issue with a backup print server ) - am I right in thinking we could set up an ldap backend to store the tdb information ( if so is this advisable or is it going to complicate things too much ).

thanks
tim

***************************************************************************
This communication (including any attachments) contains confidential information. If you are not the intended recipient and you have received this communication in error, you should destroy it without copying, disclosing or otherwise using its contents. Please notify the sender immediately of the error. Internet communications are not necessarily secure and may be intercepted or changed after they are sent. Abbey National Treasury Services plc does not accept liability for any loss you may suffer as a result of interception or any liability for such changes. If you wish to confirm the origin or content of this communication, please contact the sender by using an alternative means of communication. This communication does not create or modify any contract and, unless otherwise stated, is not intended to be contractually binding. Abbey National Treasury Services plc. Registered Office: Abbey National House, 2 Triton Square, Regents Place, London NW1 3AN. Registered in England under Company Registration Number: 2338548. Regulated by the Financial Services Authority (FSA).
***************************************************************************
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba