Linux ADS authentication in AD environment

Andrew Bartlett abartlet at samba.org
Tue Feb 24 07:37:25 GMT 2004


On Tue, 2004-02-24 at 09:45, Anderson, Brandie wrote:
> Hi,
> 
> I am a subscriber to this list and have probably just missed this.
> Someone on our campus wants to put up a Samba 3 server for Linux ADS
> integration - I have some issues, but not many. One of my subordinates
> sent this as a reason we should deny the request and I am not sure he is
> completely up on everything y'all are doing. Could you tell me if he is
> correct? 

I'm not sure I understand what you are asking here.  Perhaps you should
simply state what you want to do - and see how we can or cannot help.

> "This is possible to do yet not advisable. It requires extensive
> management and due to the methods of implementing this it is very taxing
> on the system itself. We have found it to be an issue when smbbrowsing
> occurs. If you're not familiar with smb_acls you run the risk of
> automatically creating up to 80K user objects in /etc/password
> /etc/groups /etc/shadow. Everyone who has the ability to send an smb
> request to the server is able to "Browse" and with the way the smb_pam
> works it will create a local account."

None of this makes sense - not in the slightest.  The only comment I
would make is that winbindd provides an nsswitch interface, much the
same as nss_ldap does.  

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net