[Samba] Re: NT/ADS and UNIX user convergence using Samba

Paul Gienger pgienger at ae-solutions.com
Tue Apr 6 16:49:02 GMT 2004


I just set up your situation on a couple of test boxes.  You can follow 
the steps here: http://www.openldap.org/doc/admin22/quickstart.html 
(start at step 8 if you've already gotten the OpenLDAP package installed 
via your distro's package management routine).  Set your domain equal to 
your Windows domain name; for example, my test domain here was 
dc=active,dc=bis,dc=ae-solutions,dc=com where my Windows domain was 
"ACTIVE" with an FQDN of active.bis.ae-solutions.com.  You then need to 
add one idmap object under it. I can't be much more specific than that, 
since I just found that someone hosed my LDAP config on the test boxes.

news.gmane.org wrote:

>>Hi Steve,
>>
>>I think you have two options, use winbind and bin NIS or vice versa.
>>If you choose to use winbind as you identified you have to worry about
>>mappings being different on individual Samba servers, the only way to
>>get around this currently is to use LDAP as your idmap backend. This
>>stores the UID to SID mappings centrally for multiple Samba servers to
>>share. If you choose to use NIS you will have to mess around with
>>smbpasswd and net groupmap to make users and groups visible as valid
>>accounts for Samba. Also your NTLM passwords will not be sync'd to the
>>domain but Kerberos auth will work seamlessly. AFAIK
>
>Thanks.  I did a little more poking around and it seems like I'm leaning
>towards using winbind as my definitive authorization for this server and
>removing NIS from the fileserver.  If I do this, I'll need to get LDAP up
>and running to control the mapping of SID -> UID so my NT SIDs map to my NIS
>UIDs for UNIX NFS clients that mount the volume(s).  I've seen several
>descriptions of how to get the Samba side up (basically use the "idmap
>backend" option in smb.conf), but I'm completely new to LDAP, and I haven't
>found a simple description of how to set up a minimal LDAP server (probably
>using OpenLDAP) on my linux box that would just contain the SID->UID
>mappings.
>
>Does anyone have a simple example configuration for OpenLDAP that they would
>like to share?  You can post, or email me directly at:  looper_man at yahoo.com
>
>Thanks in advance,
>Steve

-- 
Paul Gienger                     Office:		701-281-1884
Applied Engineering Inc.         Cell:			701-306-6254
Information Systems Consultant   Fax:			701-281-1322
URL: www.ae-solutions.com        mailto:pgienger at ae-solutions.com
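
Added example, not part of the original message or of the Samba/OpenLDAP documentation: a shell sketch that derives the LDAP suffix from the Windows domain's FQDN as described above and emits the LDIF and the Samba 3.0 `smb.conf` lines for an LDAP idmap backend. The container name `ou=Idmap`, the `cn=Manager` rootdn, the `ldap://localhost` URL and the 10000-20000 ID range are assumptions; the message does not say which idmap object was used.

```shell
#!/bin/sh
# Added example; ou=Idmap, cn=Manager, localhost and the ID range are assumptions.

# active.bis.ae-solutions.com -> dc=active,dc=bis,dc=ae-solutions,dc=com
# Rejects anything that is not a plain DNS name, so the value cannot
# smuggle extra RDNs or LDIF lines into the generated output.
fqdn_to_dn() {
    case "$1" in
        ''|.*|*.|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    printf '%s\n' "$1" | sed -e 's/^/dc=/' -e 's/\./,dc=/g'
}

# LDIF for the suffix entry plus one idmap container beneath it.
idmap_ldif() {      # $1 = FQDN, $2 = NT domain name
    base=$(fqdn_to_dn "$1") || return 1
    case "$2" in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
    cat <<EOF
dn: $base
objectClass: dcObject
objectClass: organization
dc: ${1%%.*}
o: $2

dn: ou=Idmap,$base
objectClass: organizationalUnit
ou: Idmap
EOF
}

# [global] lines for smb.conf (Samba 3.0 syntax) on every file server
# that must share the same SID -> UID/GID mappings.
idmap_smbconf() {   # $1 = FQDN
    base=$(fqdn_to_dn "$1") || return 1
    cat <<EOF
idmap backend = ldap:ldap://localhost
ldap suffix = $base
ldap idmap suffix = ou=Idmap
ldap admin dn = cn=Manager,$base
idmap uid = 10000-20000
idmap gid = 10000-20000
EOF
}

# Sample run with the domain names quoted in the message above.
idmap_ldif active.bis.ae-solutions.com ACTIVE
idmap_smbconf active.bis.ae-solutions.com
```

The LDIF can be loaded with `ldapadd` once slapd.conf includes samba.schema, and the admin DN password is stored on each Samba server with `smbpasswd -w` rather than written into smb.conf.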



