[Samba] Connecting Samba 3.0 to a Win 2003 domain

Edward Irvine irvinee at ics.mq.edu.au
Tue Nov 25 12:58:29 GMT 2003


Hi,

Just rejoined the list after many happy years of using samba in a
production environment.

I'm having problems getting my head around samba 3.0, or specifically,
the UID/GID/SID mapping. I've been RTFM'ing but am still uncertain about
the best way to go...

I have a Win 2003 controlled ADS domain with five thousand users and
just over a thousand groups. Users and groups (users and most groups
have identical names) are also in Unix /etc/passwd and /etc/group files.

Users access the Unix servers via ssh, and NFS as well as (currently)
samba 2. Passwords are authenticated against ADS/Kerberos.
 
I'm happy to write some sort of script that pulls data out of the ADS
(via LDAP) and regenerate some UID/GID/SID map somewhere. But after
RTFMing it looks like I should:

1) Set up an OpenLDAP server just to handle the sambaSamAccount
UID<-->SID mapping. This is OK but a bit strange as (it seems to me)
this info is already in the ADS LDAP server.

2) If I go with the OpenLDAP server, do I also use it to map the
GID<-->SID as well? There is an objectclass "sambaGroupMapping" in
samba.schema that looks like this is what I should do, but as well as
the point made in 1) there doesn't seem to be anything in the how-to
about this.

3) the objectclass "sambaDomain" - I can't seem to find out what this is
for.

Any pointers appreciated!

Thanks

Eddie
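
Added example, not part of the original post and not Samba code: a sketch of the "pull data out of ADS and regenerate a map" step mentioned above, showing how the binary objectSid value is decoded and joined to passwd entries by name. It assumes the LDAP search has already returned (sAMAccountName, objectSid) pairs; the function names and all sample data are constructed for illustration.

```python
import struct

def sid_to_str(raw: bytes) -> str:
    """Decode a binary objectSid value into its S-1-... string form."""
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("SID length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")      # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])    # 32-bit each, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def parse_passwd(text: str) -> dict:
    """Map login name -> numeric UID from passwd-format text."""
    uids = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            uids[fields[0]] = int(fields[2])
    return uids

def build_map(ad_entries, passwd_text):
    """Join AD entries to Unix accounts by exact name.

    Returns (mapping, unmatched). Accounts with no Unix entry are reported,
    never given a guessed UID, so a missing entry cannot silently map an AD
    user onto somebody else's files.
    """
    uids = parse_passwd(passwd_text)
    mapping, unmatched = {}, []
    for name, raw_sid in ad_entries:
        if name in uids:
            mapping[sid_to_str(raw_sid)] = (name, uids[name])
        else:
            unmatched.append(name)
    return mapping, unmatched

def _sample_sid(rid: int) -> bytes:
    # Constructed domain SID (not a real domain) with the given RID appended.
    return bytes([1, 5]) + (5).to_bytes(6, "big") + struct.pack(
        "<5I", 21, 1111111111, 2222222222, 3333333333, rid)

# Constructed sample input standing in for LDAP results and /etc/passwd.
SAMPLE_AD = [("alice", _sample_sid(1105)), ("svc_backup", _sample_sid(1106))]
SAMPLE_PASSWD = "root:x:0:0:root:/root:/bin/sh\nalice:x:5001:5001::/home/alice:/bin/sh\n"

if __name__ == "__main__":
    print(build_map(SAMPLE_AD, SAMPLE_PASSWD))
```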


