[Samba] Windows AD w/ Windows Services for Unix?

Jason Gerfen jason.gerfen at scl.utah.edu
Tue Nov 22 18:38:16 GMT 2005

Can anyone verify the functionality of the RPMs for SuSE 9.3 located here?


I am leery of getting an unstable version set up.  Thanks in advance.

Doug VanLeuven wrote:

> Jason Gerfen wrote:
>> Doug VanLeuven wrote:
>>> Jason Gerfen wrote:
>>>> I can authenticate users on a default setup of Windows 2000 using 
>>>> 'Security = ADS'.  However if I install Windows Services for Unix 
>>>> (http://www.microsoft.com/windowsserversystem/sfu/productinfo/features/default.mspx) 
>>>> I am not able to authenticate or view users from different 
>>>> Organizational Units in the default domain.  ???
>>> With a 2000 or 2003 Windows AD controller, I've run SFU 3.0 & 3.5 on both
>>> client and server without side effects.
>>> I use:
>>> winbind nss info = template sfu
>>> security = ADS
>>> winbind trusted domains only = yes
>>> idmap backend = ad
>>> on the samba member servers.
>>> Perhaps you mean you're running samba PDC and using SFU on a client
>>> workstation?  In that case, I would assume, for it to work, you
>>> would need to run an ldap backend and extend the schema for SFU.
>>> Then fill out the unix values.
>>> Anyone ever done that?
>>> Regards, Doug
>> Odd, I attempted your suggestions:
>> %>  testparm
>> Load smb config files from /etc/samba/smb.conf
>> Unknown parameter encountered: "winbind nss info"
>> Ignoring unknown parameter "winbind nss info"
> You must be using an older version of samba.  I don't recall exactly when
> that was introduced.  Somewhere around 3.0.14 maybe.  Probably wouldn't
> find the "ad" loadable module either.  They came in at the same time.
>> The first scenario is correct, a ROLE_DOMAIN_MEMBER that 
>> authenticates file shares using nsswitch and winbind against the 
>> Windows 2000 domain.
> Prior to the XAD idmap_ad being pushed into samba, I compiled it and
> included it myself on older versions (and had to patch it too).
> Prior to samba 3.0 I was using SFU to export NFS shares on windows
> servers using user and group mapping.  Unix had NIS then LDAP for auth.
> Only way I made the SFU/NIS/LDAP work with samba.  You'll need to get 
> current.
> Regards, Doug

Jason Gerfen

"My girlfriend threatened to
 leave me if I went boarding...
 I will miss her."
