[Samba] Winbind + NIS + winbind trusted domains
Luke Mewburn
luke at mewburn.net
Wed Dec 15 10:44:32 GMT 2004
On Wed, Dec 15, 2004 at 11:36:38AM +0100, Christoph Scheeder wrote:
| Hi,
| that behavior is logical correct, i would say.
| What happens is:
| the user is found from nis, and gets an userid not from the winbind-range.
| As a result samba is not able to verify this uid against the AD, as it
| is not an AD-user-id.
| i guess to achive what you want you would have to add the nis-users to
| the local smbpasswd-database with the correct username and password and
| tell samba to loock up users first in local database and then in AD.
| But i don't know if this is possible, i never tried it.
That's not quite correct.
If you have _all_ of your ADS users in NIS (without the leading
"DOMAIN\") then you can use NIS for the username->UID mapping
and ADS for samba password authentication. You don't need
winbind in nsswitch.conf for this. (I.e, just "passwd: files nis")
The problem is if you only have _some_ of your ADS users in NIS,
and want to use "passwd: files nis winbind" to take advantage
of winbindd's "fake up a UID" behaviour, then you currently can't
do this with samba, due to reasons I have detailed in other posts.
As far as I can tell, no other "usermapper" product solves this
problem either (e.g, EMC's NAS product, etc). Which doesn't make
it an invalid problem, just one that hasn't been solved elsewhere.
Luke.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba/attachments/20041215/b011c3db/attachment.bin
More information about the samba
mailing list