[Samba] Link AD to pre-existing UNIX accounts

Gerald (Jerry) Carter jerry at samba.org
Fri Apr 27 13:41:40 GMT 2007

Hash: SHA1

Ralf Gross wrote:
> CG schrieb:
>> I'm trying to use winbindd to enumerate and link AD users to their pre-
>> existing UNIX accounts. Right now, winbindd creates new "users" for UNIX based 
>> on windows username and groups.
>> What I can't figure out is how to explicitly map the AD users to their pre-
>> existing UNIX accounts. I'd like the users to be able to access their UNIX 
>> accounts with their UNIX authentication information /and/ their AD 
>> authentication information. I had hung my hat on the "username map" smb.conf 
>> directive, but I find now that it doesn't apply to winbindd.

See the idmap_nss backend in Samba 3.0.25.  But it is an all
or none.  You cannot have winbindd allocate a uid for some
users in a domain and use existing Unix accounts for others.

On older versions, see the "winbind trusted domains only" option.

I also have a pending username map plugin for winbindd that might
be available in 3.0.26.  it's still under discussion.

cheers, jerry
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the samba mailing list