[Samba] Re: NT/ADS and UNIX user convergence using Samba
Paul Gienger
pgienger at ae-solutions.com
Tue Apr 6 16:49:02 GMT 2004
I just set up your situation on a couple of test boxes. You can follow
the steps here: http://www.openldap.org/doc/admin22/quickstart.html
Start at step 8 if you've already gotten the OpenLDAP package installed
via your distro's package management routine. Set your domain equal to
your Windows domain name; for example, my test domain here was
dc=active,dc=bis,dc=ae-solutions,dc=com where my Windows domain was
"ACTIVE" with an FQDN of active.bis.ae-solutions.com. You then need to
add one idmap object under it. I can't be much more specific than that,
since I just found that someone hosed my LDAP config on the test boxes.

news.gmane.org wrote:
>>Hi Steve,
>>
>>I think you have two options, use winbind and bin NIS or vice versa.
>>If you choose to use winbind as you identified you have to worry about
>>mappings being different on individual Samba servers, the only way to
>>get around this currently is to use LDAP as your idmap backend. This
>>stores the UID to SID mappings centrally for multiple Samba servers to
>>share.
>>If you choose to use NIS you will have to mess around with smbpasswd
>>and net groupmap to make users and groups visible as valid accounts
>>for Samba. Also your NTLM passwords will not be sync'd to the domain
>>but Kerberos auth will work seamlessly. AFAIK
>
>Thanks. I did a little more poking around and it seems like I'm leaning
>towards using winbind as my definitive authorization for this server and
>removing NIS from the fileserver. If I do this, I'll need to get LDAP up
>and running to control the mapping of SID -> UID so my NT SIDs map to my NIS
>UIDs for UNIX NFS clients that mount the volume(s). I've seen several
>descriptions of how to get the Samba side up (basically use the "idmap
>backend" option in smb.conf), but I'm completely new to LDAP, and I haven't
>found a simple description of how to set up a minimal LDAP server (probably
>using OpenLDAP) on my Linux box that would just contain the SID->UID
>mappings.
>
>Does anyone have a simple example configuration for OpenLDAP that they would
>like to share? You can post, or email me directly at: looper_man at yahoo.com
>
>Thanks in advance,
>Steve
>
--
Paul Gienger Office: 701-281-1884
Applied Engineering Inc. Cell: 701-306-6254
Information Systems Consultant Fax: 701-281-1322
URL: www.ae-solutions.com mailto:pgienger at ae-solutions.com
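
Added example, not part of the original thread and not the configuration from the test boxes mentioned above: a shell script that derives the LDAP suffix from the Windows domain's FQDN as described in the reply, then prints an LDIF for the base entry with one idmap container and the matching smb.conf fragment. Assumptions: the container name ou=Idmap, the rootdn cn=Manager (as in the OpenLDAP quick-start), the host ldap.example.com, the ID ranges, and Samba 3.0-era parameter names.

```shell
#!/bin/sh
# Added example. It only prints configuration text; it changes nothing.

# active.bis.ae-solutions.com -> dc=active,dc=bis,dc=ae-solutions,dc=com
fqdn_to_suffix() {
    printf '%s\n' "$1" | sed -e 's/^/dc=/' -e 's/\./,dc=/g'
}

# LDIF for the base entry plus one container for the SID<->UID/GID records.
# "ou=Idmap" is an assumed name; it must match "ldap idmap suffix" below.
idmap_ldif() {
    suffix=$(fqdn_to_suffix "$1")
    cat <<EOF
dn: $suffix
objectClass: dcObject
objectClass: organization
dc: ${1%%.*}
o: $1

dn: ou=Idmap,$suffix
objectClass: organizationalUnit
ou: Idmap
EOF
}

# smb.conf [global] fragment. Every Samba server sharing the volumes needs
# the same backend, suffix and ranges, so a SID resolves to one UID everywhere.
# $2 is the LDAP host (placeholder); ranges are constructed sample values.
# The admin DN's password is stored separately with "smbpasswd -w".
smb_conf_fragment() {
    suffix=$(fqdn_to_suffix "$1")
    cat <<EOF
[global]
    idmap backend = ldap:ldap://$2
    ldap suffix = $suffix
    ldap idmap suffix = ou=Idmap
    ldap admin dn = cn=Manager,$suffix
    idmap uid = 10000-20000
    idmap gid = 10000-20000
EOF
}

idmap_ldif active.bis.ae-solutions.com
smb_conf_fragment active.bis.ae-solutions.com ldap.example.com
```

Keep the ID ranges clear of UIDs already handed out by NIS, and restrict write access to the idmap container to the admin DN, since anyone who can edit those entries can remap a SID onto another user's UID.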