Linux ADS authentication in AD environment
Andrew Bartlett
abartlet at samba.org
Tue Feb 24 07:37:25 GMT 2004

On Tue, 2004-02-24 at 09:45, Anderson, Brandie wrote:
> Hi,
>
> I am a subscriber to this list and have probably just missed this.
> Someone on our campus wants to put up a Samba 3 server for Linux ADS
> integration - I have some issues, but not many. One of my subordinates
> sent this as a reason we should deny the request and I am not sure he is
> completely up on everything y'all are doing. Could you tell me if he is
> correct?

I'm not sure I understand what you are asking here. Perhaps you should
simply state what you want to do - and see how we can or cannot help.

> "This is possible to do yet not advisable. It requires extensive
> management and due to the methods of implementing this it is very taxing
> on the system itself. We have found it to be an issue when smbbrowsing
> occurs. If you're not familiar with smb_acls you run the risk of
> automatically creating up to 80K user objects in /etc/password
> /etc/groups /etc/shadow. Everyone who has the ability to send an smb
> request to the server is able to " Browse " and with the way the smb_pam
> works it will create a local account."

None of this makes sense - not in the slightest. The only comment I
would make is that winbindd provides an nsswitch interface, much the
same as nss_ldap does.

Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
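
Added example, not part of the original message and not Samba code: a small audit helper for the point in the reply above that winbindd is an nsswitch source like nss_ldap. It reads which sources back the `passwd` database and separates accounts that are lines in `/etc/passwd` from accounts that are only visible through NSS. All sample inputs, the `EXAMPLE` domain and the function names are constructed for illustration.

```python
import re

# Constructed sample inputs (not taken from any real host).
SAMPLE_NSSWITCH = """\
passwd: files winbind
group:  files [NOTFOUND=continue] winbind   # action items are not sources
shadow: files
"""
SAMPLE_ETC_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
"""
# What `getent passwd` could print on such a host (constructed).
SAMPLE_GETENT = r"""root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
EXAMPLE\alice:*:10000:10000::/home/EXAMPLE/alice:/bin/false
EXAMPLE\bob:*:10001:10000::/home/EXAMPLE/bob:/bin/false
"""

def nss_sources(nsswitch_text, database):
    """Return the ordered lookup sources for one nsswitch.conf database."""
    for raw in nsswitch_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        name, sep, rest = line.partition(":")
        if sep and name.strip() == database:
            # Strip [STATUS=action] items, which may contain spaces.
            return re.sub(r"\[[^\]]*\]", " ", rest).split()
    return []

def entry_names(passwd_format_text):
    """Extract the first field (account name) from passwd-format lines."""
    return [l.split(":", 1)[0] for l in passwd_format_text.splitlines()
            if l.strip() and not l.startswith("#") and ":" in l]

def classify_accounts(getent_text, etc_passwd_text):
    """Split NSS-visible accounts into file-backed and NSS-only names."""
    local = set(entry_names(etc_passwd_text))
    visible = entry_names(getent_text)
    return {
        "local": sorted(n for n in visible if n in local),
        "nss_only": sorted(n for n in visible if n not in local),
    }

if __name__ == "__main__":
    print("passwd sources:", nss_sources(SAMPLE_NSSWITCH, "passwd"))
    print(classify_accounts(SAMPLE_GETENT, SAMPLE_ETC_PASSWD))
```

On a live host, pass the output of `getent passwd` and the contents of `/etc/passwd`; domain accounts only show up in that enumeration when `winbind enum users` is enabled in smb.conf.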