[Samba] Can't login from Windows PC to Samba using ADS?

[Michael Cesar]

Wait a minute.

I thought I read somewhere that with Samba 3, in order to have it 
authenticate a share as a member of an ADS domain one didn't need to 
setup any accounts on the Linux/Samba  server box?

I just read in another how-to that NSS is responsible for identity 
management and PAM is responsible for authentication of login 
credential. If those are both true and can be set to winbind, why do I 
need to consider NIS or installing Unix Services for Windows?

Michael Cesar

>>    
>>
>Hi,
>That looks fine as far as user name resolution is concerned. But this
>will require you to maintan two sets of user database as well as the
>mappings.
>I'm currently using mapping NT users to NIS groups to make it easier,
>so in the /etc/nsswitch.conf file I'm using nis instead of winbind,
>because winbind actually results in file and dir being created with NT
>userid and group ids like this Domain+User.  Eventually I will want to
>use the AD ldap infrastructure, even if it means that I have to
>install Unix Services for Windows on the DCs. (Recommended)
>Please correct me if I'm wrong on this if anyone think I misunderstood
>the setup.
>
>Yang
>
>  
>