6.5 Sharing User ID Mappings between Samba Domain Members
Samba maps UNIX users and groups (identified by UIDs and GIDs) to Windows users and groups (identified by SIDs). These mappings are done by the idmap subsystem of Samba.
In some cases it is useful to share these mappings between Samba Domain Members, so name ->id mapping is identical on all machines. This may be needed in particular when sharing files over both CIFS and NFS.
To use the LDAP ldap idmap suffix , set:
ldap idmap suffix = ou=Idmap, dc=quenya, dc=org
See the smb.conf man page entry for the ldap idmap suffix parameter for further information.
Do not forget to specify also the ldap admin dn and to make certain to set the LDAP administrative password into the secrets.tdb using:
root# smbpasswd -w ldap-admin-password