[Samba] Winbind UID/GID unification across multiple machine solution

[Gerald (Jerry) Carter]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

malk at sidehack.sat.gweep.net wrote:

> If there's a better way to do it, let me know -- I couldn't find anything
> so I rolled my own and I'd like to offer back the solution to anyone else
> who needs it.  I'm aware that perhaps in the future Samba will
> use an algorithm based UID to GID mapping making this setup unnecessary.
Eric,

Thanks for passing thsi along.

There are 2 official solutions for this sceanrio in Samba 3.0

   (a) store the uid/gid mappings in LDAP for access by multiple
       winbindd installations. or
   (b) Have existing UNIX accounts for windows users, run winbindd
       and set 'winbind trusted domains only = yes'.

Solution (a) does not require pam_ldap or nss_ldap or any support
for the RFC2307 schema so you don't have to migrate to from NIS ->
LDAP for this.

And note that (b) only works for users/groups in the domain to which
the samba server is joined.





cheers, jerry
  ----------------------------------------------------------------------
  Hewlett-Packard            ------------------------- http://www.hp.com
  SAMBA Team                 ---------------------- http://www.samba.org
  GnuPG Key                  ---- http://www.plainjoe.org/gpg_public.asc
  "If we're adding to the noise, turn off this song" --Switchfoot (2003)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD4DBQFAAtMiIR7qMdg1EfYRAh+qAJdvmFHaS6nk4OInPxCgrItMkw/sAJ9V21jk
HHqK07+BLfSUCZmVSGUt1w==
=I64W
-----END PGP SIGNATURE-----