[Samba] Windows AD w/ Windows Services for Unix?
roamdad at sonic.net
Mon Nov 21 22:12:00 GMT 2005
Jason Gerfen wrote:
> Doug VanLeuven wrote:
>> Jason Gerfen wrote:
>>> I can authenticate users on a default setup of Windows 2000 using
>>> 'Security = ADS'. However if I install Windows Services for Unix
>>> I am not able to authenticate or view users from different
>>> Organizational Units in the default domain. ???
>> With a 2000 or 2003 Windows AD controller, I've run SFU 3.0 & 3.5 on both
>> client and server without side effects.
>> I use:
>>     winbind nss info = template sfu
>>     security = ADS
>>     winbind trusted domains only = yes
>>     idmap backend = ad
>> on the samba member servers.
>> Perhaps you mean you're running samba PDC and using SFU on a client
>> workstation? In that case, I would assume, for it to work, you
>> would need to run an ldap backend and extend the schema for SFU.
>> Then fill out the unix values.
>> Anyone ever done that?
>> Regards, Doug
> Odd, I attempted your suggestions:
> %> testparm
> Load smb config files from /etc/samba/smb.conf
> Unknown parameter encountered: "winbind nss info"
> Ignoring unknown parameter "winbind nss info"
You must be using an older version of samba. I don't recall exactly when
that was introduced. Somewhere around 3.0.14 maybe. Probably wouldn't
find the "ad" loadable module either. They came in at the same time.
> The first scenario is correct, a ROLE_DOMAIN_MEMBER that authenticates
> file shares using nsswitch and winbind against the Windows 2000 domain.
Prior to the XAD idmap_ad being pushed into samba, I compiled it and
included it myself on older versions (and had to patch it too).
Prior to samba 3.0 I was using SFU to export NFS shares on windows
servers using user and group mapping. Unix had NIS then LDAP for auth.
Only way I made the SFU/NIS/LDAP work with samba. You'll need to get current.
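
The testparm output quoted above shows the failure mode: an older Samba build ignores a setting it does not recognise and carries on without it. The following is an added example, not part of the original post, that parses testparm output and lists which of the thread's identity-mapping settings are being ignored; the function names and the REQUIRED list are assumptions made for illustration.

```python
import re

# testparm reports each setting the installed Samba does not recognise as
# 'Unknown parameter encountered: "<name>"' and then ignores it.
UNKNOWN_RE = re.compile(r'^\s*Unknown parameter encountered:\s*"([^"]+)"', re.M)

# Assumption: the settings from the thread that the member server relies on.
REQUIRED = ("winbind nss info", "idmap backend", "security")


def normalize(name):
    """smb.conf parameter names ignore case and whitespace; compare that way."""
    return "".join(name.split()).lower()


def ignored_parameters(testparm_output):
    """Return the parameter names testparm reported as unknown, in order."""
    return [m.group(1) for m in UNKNOWN_RE.finditer(testparm_output)]


def dropped_required(testparm_output, required=REQUIRED):
    """Return the required settings that this Samba build is ignoring."""
    ignored = {normalize(p) for p in ignored_parameters(testparm_output)}
    return [p for p in required if normalize(p) in ignored]


# Constructed sample: the testparm lines quoted in the thread.
SAMPLE = '''Load smb config files from /etc/samba/smb.conf
Unknown parameter encountered: "winbind nss info"
Ignoring unknown parameter "winbind nss info"
'''

if __name__ == "__main__":
    for name in dropped_required(SAMPLE):
        print("ignored by this Samba build:", name)
```

On a real member server, feed it the combined stdout and stderr of testparm instead of SAMPLE.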