[Samba] Re: ADS/Kerberos/LDAP/Win2K

Roman Sommer roman.sommer at gmail.com
Mon Jan 23 06:40:02 GMT 2006


Thanks a lot for pointing that out. There might be multiple domains I have
to take care of, so I probably need an LDAP backend. Is there any chance I can
use an existing Active Directory domain controller with SFU or 2003 R2 (with
ADAM)? Theoretically it should work fine with ADAM as this is a plain LDAP
database, but I need people not having any knowledge of LDAP to take
control of users, so I would really appreciate a solution based on the
R2/SFU schema extensions. But since I couldn't find any schemas for this
solution I doubt it's possible, is it?

regards, Roman


2006/1/20, Gerald (Jerry) Carter <jerry at samba.org>:
>
> Roman Sommer wrote:
>
> > what was this thread called originally? It seems to be interesting.
>
> This is the original thread.
>
> > It looks like it covers pretty much what I am about to do.
> > I never came across any information about
> > 'idmap backend = ad' (uses the uid and gid information
> > from active directory) or 'winbind nss info' (uses
> > the home directory and shell information from AD).
> >
> > I want winbind to automatically assign both uid and gid to a user that
> > logs onto a unix machine for the first time.
>
> The ad backend for winbindd does not allocate ids.  It simply reads them
> from an AD extended with the SFU schema.  To have winbindd allocate &
> store, use either tdb or ldap.  If you only have one domain, look at the
> rid backend which performs a direct mapping from the user/group RID to
> a uid/gid.
>
> cheers, jerry
>
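
An added illustration, not part of the original thread and not Samba's code: why the quoted advice limits a direct RID mapping to a single domain, while an allocate-and-store backend copes with several. The SIDs, the id range and the formula uid = range_low + RID are assumptions made for the example.

```python
# Constructed SIDs for two hypothetical domains that happen to share RID 1104.
DOMAIN_A_USER = "S-1-5-21-1111111111-2222222222-3333333333-1104"
DOMAIN_B_USER = "S-1-5-21-4444444444-5555555555-6666666666-1104"

def split_sid(sid):
    """Return (domain_sid, rid) for a domain account SID string."""
    parts = sid.split("-")
    if len(parts) < 5 or parts[0] != "S" or not all(p.isdigit() for p in parts[1:]):
        raise ValueError(f"not a domain account SID: {sid!r}")
    return "-".join(parts[:-1]), int(parts[-1])

def rid_to_uid(sid, range_low, range_high):
    """Direct mapping (assumed formula): uid = range_low + RID; domain part is ignored."""
    _, rid = split_sid(sid)
    uid = range_low + rid
    if uid > range_high:
        raise ValueError(f"RID {rid} does not fit in {range_low}-{range_high}")
    return uid

class AllocatingMap:
    """Stand-in for an allocating backend: next free id, stored per full SID."""
    def __init__(self, range_low, range_high):
        self.next_id, self.range_high, self.table = range_low, range_high, {}

    def uid_for(self, sid):
        split_sid(sid)  # validate before storing anything
        if sid not in self.table:
            if self.next_id > self.range_high:
                raise RuntimeError("id range exhausted")
            self.table[sid] = self.next_id
            self.next_id += 1
        return self.table[sid]

def collisions(sids, mapper):
    """Return {uid: [sids]} for every uid handed to more than one SID."""
    seen = {}
    for sid in sids:
        seen.setdefault(mapper(sid), []).append(sid)
    return {uid: owners for uid, owners in seen.items() if len(owners) > 1}

if __name__ == "__main__":
    users = [DOMAIN_A_USER, DOMAIN_B_USER]
    print(collisions(users, lambda s: rid_to_uid(s, 10000, 20000)))
    print(collisions(users, AllocatingMap(10000, 20000).uid_for))
```

With one shared range, the direct mapping gives both accounts the same uid, so one user would own the other's files; the stored table keys on the full SID and keeps them apart.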

