[Samba] Re: NT/ADS and UNIX user convergence using Samba

news.gmane.org looper_man at yahoo.com
Tue Apr 6 15:17:44 GMT 2004


> Hi Steve,
>
> I think you have two options, use winbind and bin NIS or vice versa.
> If you choose to use winbind as you identified you have to worry about
> mappings being different on individual Samba servers, the only way to get
> around this currently is to use LDAP as your idmap backend. This stores
> the UID to SID mappings centrally for multiple Samba servers to share.
> If you choose to use NIS you will have to mess around with smbpasswd and
> net groupmap to make users and groups visible as valid accounts for Samba.
> Also your NTLM passwords will not be sync'd to the domain but
> Kerberos auth will work seamlessly. AFAIK

Thanks.  I did a little more poking around and it seems like I'm leaning
towards using winbind as my definitive authorization for this server and
removing NIS from the fileserver.  If I do this, I'll need to get LDAP up
and running to control the mapping of SID -> UID so my NT SIDs map to my NIS
UIDs for UNIX NFS clients that mount the volume(s).  I've seen several
descriptions of how to get the Samba side up (basically use the "idmap
backend" option in smb.conf), but I'm completely new to LDAP, and I haven't
found a simple description of how to set up a minimal LDAP server (probably
using OpenLDAP) on my Linux box that would just contain the SID->UID
mappings.

Does anyone have a simple example configuration for OpenLDAP that they would
like to share?  You can post, or email me directly at:  looper_man at yahoo.com

Thanks in advance,
Steve
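
The mapping problem discussed in this message, as an added example that is not part of the original post and is not Samba code: a simplified model of first-come UID allocation, run once with a private map per server and once with one shared map (the role the LDAP idmap backend plays). The class names, server names, SIDs and the 10000-20000 range are constructed for illustration.

```python
"""Simplified model of first-come SID -> UID allocation (not Samba code)."""

class IdmapStore:
    """SID -> UID table that hands out the next free UID from a fixed range."""
    def __init__(self, low, high):
        self.low, self.high = low, high
        self.sid_to_uid = {}

    def lookup_or_allocate(self, sid):
        if sid in self.sid_to_uid:
            return self.sid_to_uid[sid]
        uid = self.low + len(self.sid_to_uid)
        if uid > self.high:
            raise RuntimeError("idmap uid range exhausted")
        self.sid_to_uid[sid] = uid
        return uid

class SambaServer:
    """A file server that resolves SIDs through whatever store it is given."""
    def __init__(self, name, store):
        self.name, self.store = name, store

    def resolve(self, sid):
        return self.store.lookup_or_allocate(sid)

def conflicts(a, b):
    """Return SIDs known to both servers that map to different UIDs."""
    out = {}
    for sid, uid in a.store.sid_to_uid.items():
        other = b.store.sid_to_uid.get(sid)
        if other is not None and other != uid:
            out[sid] = (uid, other)
    return out

DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed domain SID
ALICE, BOB = DOMAIN + "-1103", DOMAIN + "-1104"       # constructed user SIDs

def run(shared):
    """Two servers see the same users in a different order."""
    central = IdmapStore(10000, 20000)
    a = SambaServer("fs1", central if shared else IdmapStore(10000, 20000))
    b = SambaServer("fs2", central if shared else IdmapStore(10000, 20000))
    for sid in (ALICE, BOB):
        a.resolve(sid)
    for sid in (BOB, ALICE):
        b.resolve(sid)
    return conflicts(a, b)

if __name__ == "__main__":
    print("local stores:", run(shared=False))  # both SIDs conflict
    print("shared store:", run(shared=True))   # no conflicts
```

With private stores, UID 10000 belongs to one user on fs1 and to a different user on fs2, so a file written through one server and read over NFS from the other is owned by the wrong account.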




