[Samba] Re: Accessing Samba Shares with AD usernames

Tom Dickson bombcar at bombcar.com
Thu Sep 11 11:24:35 GMT 2003


Have you looked at winbind? It allows you to not have to manually create
the Unix accounts, as it integrates with nsswitch.

-Tom

Lars Wiberg wrote:
| To follow up on this, I have been studying the documentation more
| intensively yesterday evening, and have concluded that the current release
| of Samba cannot do what I am trying to achieve.
|
| What I forgot to mention yesterday, was that there is to be no unix accounts
| on the Samba server, meaning the only user administration involved is from
| the Active Directory (AD), but after doing a more thorough studying of the
| documentation, this paragraph came up:
|
| "In the course of development of Samba-3, a number of requests were received
| to provide the ability to migrate MS Windows NT4 SAM accounts to Samba-3
| without the need to provide matching UNIX/Linux accounts. We called this the
| Non UNIX Accounts (NUA) capability. The intent was that an administrator
| could decide to use the tdbsam backend and by simply specifying passdb
| backend = tdbsam_nua this would allow Samba-3 to implement a solution that
| did not use UNIX accounts per se. Late in the development cycle, the team
| doing this work hit upon some obstacles that prevents this solution from
| being used. Given the delays with Samba-3 release a decision was made to NOT
| deliver this functionality until a better method of recognising NT Group
| SIDs from NT User SIDs could be found. This feature may thus return during
| the life cycle for the Samba-3 series."
|
| If I understand that paragraph correctly, it is currently not possible to
| authenticate users on a Samba server solely from an Active Directory. The
| only possible way is to create unix accounts on the Samba server - which
| means more user administration.
|
| Thank you all, for your input.
|
| Can anybody from the Samba team tell me how far into the horizon I have to
| look for this feature? From the documentation, it seems to me that a lot of
| work has gone into this already.
|