Re: [Samba] Linux member server, or something else?
On Tue, Jun 30, 2009 at 11:15 AM, Norberto Bensa wrote: > On Tue, Jun 30, 2009 at 10:39 AM, John Drescher wrote: >>> On Tue, Jun 30, 2009 at 7:29 AM, David Markey >>> wrote: It's possible to use nss_ldap and idmap backend = nss and no winbind, like you are describing. >>> >>> Why do I need idmap? I mean, from what I understand, idmap only >>> purpose is to help winbind ensure uid and gid are the same across >>> servers. If I use LDAP to store users accounts and groups, these id >>> are the same. >>> >> >> Without idmap ACLs do not work on member servers. I mean changing ACLs >> on files in windows does not work as expected. >> > > Ok. So, is this "idmap backend = nss" a valid option? I can't find > information about it in "man smb.conf" > > I'm using samba-3.0.28a (ubuntu hardy). > I do not remember what version that was added. 3.0.28 is pretty old though. I am using 3.0.33 or greater on all of my production servers. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Linux member server, or something else?
On Tue, Jun 30, 2009 at 10:39 AM, John Drescher wrote: >> On Tue, Jun 30, 2009 at 7:29 AM, David Markey >> wrote: >>> It's possible to use nss_ldap and idmap backend = nss and no winbind, like >>> you are describing. >> >> Why do I need idmap? I mean, from what I understand, idmap only >> purpose is to help winbind ensure uid and gid are the same across >> servers. If I use LDAP to store users accounts and groups, these id >> are the same. >> > > Without idmap ACLs do not work on member servers. I mean changing ACLs > on files in windows does not work as expected. > Ok. So, is this "idmap backend = nss" a valid option? I can't find information about it in "man smb.conf" I'm using samba-3.0.28a (ubuntu hardy). > John M. Drescher > Thanks! Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Linux member server, or something else?
> On Tue, Jun 30, 2009 at 7:29 AM, David Markey > wrote: >> It's possible to use nss_ldap and idmap backend = nss and no winbind, like >> you are describing. > > Why do I need idmap? I mean, from what I understand, idmap only > purpose is to help winbind ensure uid and gid are the same across > servers. If I use LDAP to store users accounts and groups, these id > are the same. > Without idmap ACLs do not work on member servers. I mean changing ACLs on files in windows does not work as expected. -- John M. Drescher -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Linux member server, or something else?
On Tue, Jun 30, 2009 at 7:29 AM, David Markey wrote: > It's possible to use nss_ldap and idmap backend = nss and no winbind, like > you are describing. Why do I need idmap? I mean, from what I understand, idmap only purpose is to help winbind ensure uid and gid are the same across servers. If I use LDAP to store users accounts and groups, these id are the same. > It's also possible to use nss_winbind and no nss_ldap, however there has > been a bug on the server side that has stopped this from working. So the > option above is your only option unless you have a version of samba on the > server side that isn't affected by the bug. In the past, winbind used to give headaches. I want to avoid it if I can :-) > Regards, > > David Thanks! Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Linux member server, or something else?
It's possible to use nss_ldap and idmap backend = nss and no winbind, like you are describing. It's also possible to use nss_winbind and no nss_ldap, however there has been a bug on the server side that has stopped this from working. So the option above is your only option unless you have a version of samba on the server side that isn't affected by the bug. Regards, David On Tue, 30 Jun 2009 00:59:16 -0300, Norberto Bensa wrote: > Hello, > > On Mon, Jun 29, 2009 at 11:11 PM, John Drescher > wrote: >>> I have a Samba PDC with an LDAP backend password database, against which >>> WinXP clients authenticate. I also have a Ubuntu workstation, which >>> authenticates directly to the same LDAP password database (no Samba). >>> >>> I now wish to have the WinXP clients be able to map shares on the Ubuntu >>> workstation, so I obviously need to get Samba working on it. I can slog >>> through the technical details, but I want to make sure I have the >>> concept >>> properly figured out - will the Ubuntu workstation be a "member server", >>> configured as such per the Samba documentation using Winbind, or is >>> there a >>> different way I should be thinking about this? >>> >>> Thanks for any general pointers. >>> >> >> That is what I have with my samba setup. I mean I have a PDC, a BDC, 3 >> to 5 LDAP servers and 5 or so member servers. On my PDC and BDC there >> are no real file shares. The member servers have that. My member >> servers have winbind. > > > At work, we're in the process of starting a migration of our Windows > XP clients to Ubuntu. > > My PDC is a Samba server running on Ubuntu Hardy with LDAP backend. > > I'm testing with my workstation (Ubuntu Jaunty). Samba uses the PDC as > a password server. Users and groups are read from LDAP via nsswitch > (i.e. nothing about LDAP in smb.conf on the client). Also, no winbind. > > It seems to work, but I want to know if I'm missing something. > > Why should I run winbind? > If I need to run winbind, does it need to run on server _and_ clients? > > > Many thanks in advance, > Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Linux member server, or something else?
Hello, On Mon, Jun 29, 2009 at 11:11 PM, John Drescher wrote: >> I have a Samba PDC with an LDAP backend password database, against which >> WinXP clients authenticate. I also have a Ubuntu workstation, which >> authenticates directly to the same LDAP password database (no Samba). >> >> I now wish to have the WinXP clients be able to map shares on the Ubuntu >> workstation, so I obviously need to get Samba working on it. I can slog >> through the technical details, but I want to make sure I have the concept >> properly figured out - will the Ubuntu workstation be a "member server", >> configured as such per the Samba documentation using Winbind, or is there a >> different way I should be thinking about this? >> >> Thanks for any general pointers. >> > > That is what I have with my samba setup. I mean I have a PDC, a BDC, 3 > to 5 LDAP servers and 5 or so member servers. On my PDC and BDC there > are no real file shares. The member servers have that. My member > servers have winbind. At work, we're in the process of starting a migration of our Windows XP clients to Ubuntu. My PDC is a Samba server running on Ubuntu Hardy with LDAP backend. I'm testing with my workstation (Ubuntu Jaunty). Samba uses the PDC as a password server. Users and groups are read from LDAP via nsswitch (i.e. nothing about LDAP in smb.conf on the client). Also, no winbind. It seems to work, but I want to know if I'm missing something. Why should I run winbind? If I need to run winbind, does it need to run on server _and_ clients? Many thanks in advance, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Linux member server, or something else?
> I have a Samba PDC with an LDAP backend password database, against which > WinXP clients authenticate. I also have a Ubuntu workstation, which > authenticates directly to the same LDAP password database (no Samba). > > I now wish to have the WinXP clients be able to map shares on the Ubuntu > workstation, so I obviously need to get Samba working on it. I can slog > through the technical details, but I want to make sure I have the concept > properly figured out - will the Ubuntu workstation be a "member server", > configured as such per the Samba documentation using Winbind, or is there a > different way I should be thinking about this? > > Thanks for any general pointers. > That is what I have with my samba setup. I mean I have a PDC, a BDC, 3 to 5 LDAP servers and 5 or so member servers. On my PDC and BDC there are no real file shares. The member servers have that. My member servers have winbind. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba