[Samba] Windows AD w/ Windows Services for Unix?

Jason Gerfen jason.gerfen at scl.utah.edu
Mon Nov 21 20:14:29 GMT 2005

Doug VanLeuven wrote:

> Jason Gerfen wrote:
>> I can authenticate users on a default setup of Windows 2000 using 
>> 'Security = ADS'.  However if I install Windows Services for Unix 
>> (http://www.microsoft.com/windowsserversystem/sfu/productinfo/features/default.mspx) 
>> I am not able to authenticate or view users from different 
>> Organizational Units in the default domain.  ???
> With a 2000 or 2003 Windows AD controller, I've run SFU 3.0 & 3.5 on both
> client and server without side effects.
> I use:
> winbind nss info = template sfu
> security = ADS
> winbind trusted domains only = yes
> idmap backend = ad
> on the samba member servers.
> Perhaps you mean you're running samba PDC and using SFU on a client
> workstation?  In that case, I would assume, for it to work, you
> would need to run an ldap backend and extend the schema for SFU.
> Then fill out the unix values.
> Anyone ever done that?
> Regards, Doug

Odd, I attempted your suggestions:

%>  testparm
Load smb config files from /etc/samba/smb.conf
Unknown parameter encountered: "winbind nss info"
Ignoring unknown parameter "winbind nss info"

The first scenario is correct, a ROLE_DOMAIN_MEMBER that authenticates 
file shares using nsswitch and winbind against the Windows 2000 domain.

Jason Gerfen

"My girlfriend threated to
 leave me if I went boarding...
 I will miss her."

More information about the samba-technical mailing list