[Samba] Linux Authentication against win ADS

[Jens Nie]

Hello.

I need some advise on how to get linux authentication against a windows ADS working.

I already managed to get two linux boxes working using winbind to authenticate against our pdc, which is working well for nearly one year now.

As we have some new linux servers/workstations and two NAS-Boxes running OPEN-E Nas now, things get more complicated. The problem is actually the user name/ID mapping. Whilst all Domain users are visible on all linux boxes and the NAS-Box, the user name mapping is different on all machines. 

I solved this problem on our first two boxes by simply copying the winbind databases two the second box. As there is no way to copy those databases to or from the OPEN-E NAS Box that is also using Samba to communicate to win environments i am running into trouble now.

What i am thinking of is a kind of bridge or gateway between the linux world and the windows server world by setting up a linux server that is replicating all windows accounts into a openldap database that could be used by the linux clients and the NAS-Box for authentication. One more problem is that there is no way to update the schemas on the windows servers to suit linux UID/GID needs. This also has to be done on the linux machine.

Any hints or advises?

Best regards

Jens Nie