[Samba] Re: ADS valid users can't map share

Greg Adams gadams at gmail.com
Wed Oct 20 15:32:41 GMT 2004


I'm sorry, I still don't quite follow you.

I have "security = ads", and, as far as I can tell, a working kerberos
installation, so that means I'm using kerberos authentication, right?
From the messages above, that means samba should be honoring the
domain portion of entries in the username map, which it is not doing.
Or am I using NTLM authentication for some weird reason?

Greg


On Wed, 20 Oct 2004 10:12:10 -0500, Gerald (Jerry) Carter
<jerry at samba.org> wrote:
> Greg Adams wrote:
> | How do you choose to authenticate using kerberos instead
> | of NTLM? Is that when you map as "userid@DOMAIN.X.Y.Z"
> | instead of "DOMAIN\userid"?
> 
> It depends on whether you are using 'security = ads' and
> have a working kerberos installation or if you are using
> 'security = domain'.
> 
> | Is there another way for me to do user mapping than
> | using the username map? I've seen some OpenLDAP method
> | of doing it, but since my goal is to map a handful of
> | ADS domain groups to individual unix id's, I
> | figured it was easier to just use username map instead
> | of setting up an LDAP schema.
> 
> You are talking about group mapping.  This does not
> require LDAP, but can be stored in an LDAP directory.
> 
> 
> cheers, jerry
> ---------------------------------------------------------------------
> Alleviating the pain of Windows(tm)      ------- http://www.samba.org
> GnuPG Key                ----- http://www.plainjoe.org/gpg_public.asc
> "If we're adding to the noise, turn off this song"--Switchfoot (2003)