switching to security = domain

Cole, Timothy D. timothy_d_cole at md.northgrum.com
Fri Sep 3 19:14:49 GMT 1999

I'm experimenting with switching our 2.0.5a installation to domain mode from
server mode, and I'm wondering how the user (and I suppose group, for that
matter) mapping is going to work.  Things are somewhat complicated by the
fact that most of the users are going to be coming from other domains,
rather than from the one the Samba server will be joining (the latter does
trust the former).

Do I now switch from username map to domain user map?

Do I need to specify all of the Unix users in the domain user map, qualified
with their domain (since they will nearly all be coming from other domains)?

What happens if I have a user from some other domain -- DOM2\fred, say --
that is not in the map, and he tries to connect?  He doesn't get mapped to
local user "fred" or something, I hope?

As a matter of interest, is it possible to map users by SID, rather than by
name?  In a lot of ways being able to map directly between SIDs and
uids/gids would be nice.

More information about the samba-ntdom mailing list