I am setting up a Samba PDC with LDAp backend.

All went well untill I needed to join PDC to the domain
net join rpc produces NT_STATUS_ACCESS_DENIED and
wbinfo -u : Error looking up domain users.

getent can see all LDAP accounts and pam autentication works.

It seems that winbind is not working properly.

Now question -
Can I setup a Samba PDC with LDAP backend without using winbind?
And how can I do it?

I do not want to map windows groups to Linux groups and I think I do not need windbind.

At the moment my server is running without it using files backend and life is sweet, but all Samba + LDAP howtos seem to need it. Can I not use winbind at all?

And if not possible, how do I troubleshoot it?

Thank you in advance!

I thought this was something to do with nsswitcht, but I'm not sure.

Can you post it?

Thanks for reply, heer it is:

But the more I think (the more I like it ) the more I become convinced that I do not need winbind.

In my requirements Users are all local administrators and are mapped to their Unix uids by their username. The file security is provided by UNIX groups and everything is working fine. At the moment Samba is using a passwd file backend.

The need for LDAP arose from desire to have a BDC and failover.
Is it possible to replace PAM autentication with ldap on both servers (it is! Easy!) and Use Ldap backends for both Samba servers?
I do not think that even samba.schema will be necessary in my case. Am I right?

But I bloody cannot get it to work :-( It should work!!! Don't understand

PS and another question: There is no /etc/samba/smbpasswd file with LDAP setup. Do we still need to "smbpasswd -a" users?

It is possible to have both servers authenticating off the one ldap server.

Currently I am trying to add the BDC to my domain and get an NT error code 0x1c010002 when trying to add the BDC. The BDC is updating the LDAP server account information.

Also you may wish to use the pdbedit for user administration.