[Samba] Re: ADS valid users can't map share

Gerald (Jerry) Carter jerry at samba.org
Wed Oct 20 15:12:10 GMT 2004

Hash: SHA1

Greg Adams wrote:
| How do you choose to authenticate using kerberos instead
| of NTLM? Is that when you map as "userid at DOMAIN.X.Y.Z"
| instead of "DOMAIN\userid"?

It depends on whether you are using 'security = ads' and
have a working kerberos installation or if you are using
'security = domain'.

| Is there another way for me to do user mapping than
| using the username map? I've seen some OpenLDAP method
| of doing it, but since my goal is to map a handful of
| ADS domain groups to individual unix id's, I
| figured it was easier to just use username map instead
| of setting up an LDAP schema.

You are talking about group mapping.  This does not
require LDAP, but can be stored in and LDAP directory.

cheers, jerry
- ---------------------------------------------------------------------
Alleviating the pain of Windows(tm)      ------- http://www.samba.org
GnuPG Key                ----- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song"--Switchfoot (2003)
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the samba mailing list