[Samba] Re: winbind capabilities
John H Terpstra
jht at samba.org
Tue Nov 1 00:05:29 GMT 2005
On Monday 31 October 2005 16:50, Jim Kusznir wrote:
> Rex Dieter wrote:
> > Jim Kusznir wrote:
> >> From what I undrestand, there is no feesable way of implementing winbind
> >> in NSS and maintaining existing UID/GID mappings.
> > AFAIK, If SFU is installed on your Windows AD domain controller, it
> > will extend the schema to allow you to define UID/GID/homedir for
> > winbind's use. We're hopeing to use this soon, provided if I can ever
> > get our AD admins to install SFU.
> > -- Rex
> SFU30 is installed, and has extended the schema. We've been storing the
> UID/GID in this schema. My question is will winbind use that? My
> reading (from the samba howto) indicates that it does not; that we need
> to use nss_ldap to resolve that information. If we do, however, I also
Correct. You need to use nss_ldap.
> understand we loose the ability to use windows groups, which is a major
> issue for us.
Not so, you can map the SFU group to a Samba group using the 'net groupmap
modify' facility. This does not require Winbind, but could use it too.
> Can anyone confirm or deny this information? I know samba is a very
> active project, and the howtos may not match the actual state of the
> most current version.
If you want more information please contact me off-line.
- John T.
Co-author of the "Samba HOWTO" documentation.
Author of the "By Example" documentation.
More information about the samba