[Samba] Windows AD w/ Windows Services for Unix?
Jason Gerfen
jason.gerfen at scl.utah.edu
Tue Nov 22 18:38:16 GMT 2005
Can anyone verify the functionality of the RPM's for SuSE 9.3 located here?
http://us3.samba.org/samba/ftp/Binary_Packages/SuSE/pre/x86_64/9.3/
I am leary of getting an unstable version setup. Thanks in advance.
Doug VanLeuven wrote:
> Jason Gerfen wrote:
>
>> Doug VanLeuven wrote:
>>
>>> Jason Gerfen wrote:
>>>
>>>> I can authenticate users on a default setup of Windows 2000 using
>>>> 'Security = ADS'. However if I install Windows Services for Unix
>>>> (http://www.microsoft.com/windowsserversystem/sfu/productinfo/features/default.mspx)
>>>> I am not able to authenticate or view users from different
>>>> Organizational Units in the default domain. ???
>>>>
>>>
>>> With a 2000 or 2003 Windows AD controller, I've run SFU 3.0 & 3.5 on
>>> both
>>> client and server without side effects.
>>> I use:
>>> winbind nss info = template sfu
>>> security = ADS
>>> winbind trusted domains only = yes
>>> idmap backend = ad
>>>
>>> on the samba member servers.
>>>
>>> Perhaps you mean you're running samba PDC and using SFU on a client
>>> workstation? In that case, I would assume, for it to work, you
>>> would need to run an ldap backend and extend the schema for SFU.
>>> Then fill out the unix values.
>>>
>>> Anyone ever done that?
>>>
>>> Regards, Doug
>>
>>
>>
>> Odd, I attempted your suggestions:
>>
>> %> testparm
>> Load smb config files from /etc/samba/smb.conf
>> Unknown parameter encountered: "winbind nss info"
>> Ignoring unknown parameter "winbind nss info"
>
>
> You must be using an older version of samba. I don't recall exactly when
> that was introduced. Somewhere around 3.0.14 maybe. Probably wouldn't
> find the "ad" loadable module either. They came in at the same time.
>
>> The first scenario is correct, a ROLE_DOMAIN_MEMBER that
>> authenticates file shares using nsswitch and winbind against the
>> Windows 2000 domain.
>
>
> Prior to the XAD idmap_ad being pushed into samba, I compiled it and
> included it myself on older versions (and had to patch it too).
> Prior to samba 3.0 I was using SFU to export NFS shares on windows
> servers using user and group mapping. Unix had NIS then LDAP for auth.
> Only way I made the SFU/NIS/LDAP work with samba. You'll need to get
> current.
>
> Regards, Doug
--
Jason Gerfen
"My girlfriend threated to
leave me if I went boarding...
I will miss her."
~ DIATRIBE aka FBITKK
More information about the samba
mailing list