
Re: [Samba] multiple passdb backends for standalone fileserver?




Hi Rowland,

> On Mon, 20 Aug 2018 18:02:32 +0200
> 
> Harry Jede via samba <samba@xxxxxxxxxxxxxxx> wrote:
> > On Monday, 20 August 2018, 16:43:24 CEST, Matthias Leopold via samba
> > wrote:
> > > Hi,
> > > 
> > > i (naively) would like to have local AND ldap users (and groups...)
> > > on my standalone fileserver (security = user). "passdb backend =
> > > ldapsam" already works OK and i found some old posts on the internet
> > > about "chaining" passdb backends.
> > 
> > Round about 12 years ago "chaining passdb backends" was removed! But
> > there are other possibilities:
> > 
> > 1. You can map local unix users and groups to their windows entries.
> 
> Well, yes you can, but the OP wanted to use users stored in ldap and
> users stored in /etc/passwd, but you cannot do both at the same time.
Me can!

> > 2. You can use winbind's idmap feature; obey the "idmap ranges" and
> > honor that the syntax has changed several times.
> 
> The OP referred to a 'standalone server' and these do not need to run
> winbind
yes, but i said you can!

> and if it is running, all the idmap backends need SID's,
yes, local unix user sids are stored in /var/lib/samba/passdb.tdb

ldap user sids are stored in passdb.tdb if the server is a normal
standalone server and the ldap server has NOT loaded the samba3.schema

but get stored in ldap if the server is configured as standalone, PDC or
BDC and ldap has samba3.schema loaded. You must configure smb.conf,
pam and nss a little differently.

Maybe, i should write a howto. But time ...

> there
> might not be any SID's in the OP's ldap.
yes, there can be sids but this is not a must have, but a usual case.

> 
> > Just read the man pages of the samba version you are using!!! before
> > searching the web.
> 
> Very wise words, 
> most web pages get something wrong ;-)
Oh, I believe they are mostly right at the time of writing, but the writers forget to
tell the readers the version, release number and often do not mention if
they are using vanilla samba or a distro modified package. In the end these
are pages to inspire someone but not more.
 
> Rowland


-- 

Regards
	Harry Jede