[Samba] Link AD to pre-existing UNIX accounts

Hillel Seltzer hseltzer at larich.com
Mon Apr 23 14:52:51 GMT 2007


Are there AD users who need Samba access and do not have Unix accounts?
If so, is there a problem giving them Unix accounts?

I have a server set up to do this, but all of the users
have local Unix accounts as well as AD accounts.  Basically,
set up Samba as an AD member server and just do not use winbindd.
All permission information for the shares in smb.conf can then 
use the Unix user and group names instead of those in AD, and
Samba will still use the AD credentials for Windows client access.
You will have to map DOMAIN\administrator to root (if you want
administrator to have Samba access) and any other domain user 
with a different domain login than their Unix login in the 
Samba usermap file.

Hope this helps.
---Hillel

On Mon, 23 Apr 2007 14:17:42 +0000 (UTC), CG wrote
> I'm trying to use winbindd to enumerate and link AD users to their 
> pre-existing UNIX accounts. Right now, winbindd creates new "users" 
> for UNIX based on windows username and groups.
> 
> What I can't figure out is how to explicitly map the AD users to 
> their pre-existing UNIX accounts. I'd like the users to be able to 
> access their UNIX accounts with their UNIX authentication 
> information /and/ their AD authentication information. I had hung my 
> hat on the "username map" smb.conf directive, but I find now that it 
> doesn't apply to winbindd.
> 
> Has anyone worked out a strategy for this scenario?
> 
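
The setup described in the reply above, sketched as an added example that is not part of the original message: a member-server smb.conf whose share permissions use Unix names, followed by the username map file. The realm, share name, path, map file location and every account other than root and DOMAIN\administrator are constructed placeholders.

```ini
# ---- /etc/samba/smb.conf (path is an assumption) ----
[global]
    # Join the AD domain as a member server; winbindd is not started.
    security = ads
    realm = EXAMPLE.COM          # placeholder Kerberos realm
    workgroup = DOMAIN           # NetBIOS domain name, as in DOMAIN\administrator

    # Translate AD logon names to pre-existing Unix accounts.
    username map = /etc/samba/smbusers

[projects]
    # Placeholder share: permissions refer to Unix users and groups,
    # not to AD names.
    path = /srv/projects
    valid users = @staff         # Unix group "staff"
    write list = jsmith          # Unix user "jsmith"
    read only = yes

# ---- /etc/samba/smbusers (the file named by "username map") ----
# Format: unixname = DOMAIN\windowsname [more names ...]
# Only users whose AD logon differs from their Unix login need a line.

# Gives the domain administrator uid 0 on this server; omit this line
# if administrator does not need Samba access.
root = DOMAIN\administrator

# AD logon "john.smith" owns the existing Unix account "jsmith".
jsmith = DOMAIN\john.smith

# Keep this file owned by root and not writable by anyone else:
# whoever can edit it decides which Unix account each AD user becomes.
```

With security = ads, smbd applies the username map after the domain controller has authenticated the user, so the Windows side of each entry must be fully qualified as DOMAIN\name. Samba 4.8 and later require a running winbindd on domain members, so this layout fits releases from the era of this thread.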

