[Samba] Re: ADS/Kerberos/LDAP/Win2K

Roman Sommer roman.sommer at gmail.com
Mon Jan 23 06:40:02 GMT 2006

thanks a lot for pointing that out. There might be multiple domains I have
to take care of so I probably need a ldap backend. Is there any chance I can
use an existing Active Directory domain controller with SFU or 2003 R2 (with
ADAM)? Theoretically it should work fine with ADAM as this is a plain ldap
database.. but I need people not having any knowledge of ldap to take
control of users - so I would really appreciate a solution based on the
R2/SFU schema extensions. But since I couldn't find any schemas for this
solution I doubt it's possible, is it?

regards, Roman

2006/1/20, Gerald (Jerry) Carter <jerry at samba.org>:
> Hash: SHA1
> Roman Sommer wrote:
> > what was this thread called originally? It seems to be interesting.
> This is the original thread.
> > It looks like it covers pretty much what I am about to do.
> > I never came across any information about
> > 'idmap backend = ad' (uses the uid and gid information
> > from active directory) or 'winbind nss info' (uses
> > the home directory and shell information from AD).
> >
> > I want winbind to automatically assign both uid and gid to a user that
> > logs onto a unix machine for the first time.
> The ad backend for winbindd does not allocate ids.  It simply reads them
> from an AD extended with the SFU schema.  To have winbindd allocate &
> store, use either tdb or ldap.  If you only have one domain, look at the
> rid backend which performs a direct mapping from the user/group- RID to
> a uid/gid.
> cheers, jerry
> Version: GnuPG v1.4.2 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> iD8DBQFD0Q3oIR7qMdg1EfYRAhxGAJ9UKJ2pz/rwY0EuUfOJL2xp3bl6QgCff3qn
> tBkjgTSOSXE1rYci5P61hFE=
> =/hu8

More information about the samba mailing list