[Samba] Link AD to pre-existing UNIX accounts

Gerald (Jerry) Carter jerry at samba.org
Fri Apr 27 13:41:40 GMT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ralf Gross wrote:
> CG schrieb:
>> I'm trying to use winbindd to enumerate and link AD users to their pre-
>> existing UNIX accounts. Right now, winbindd creates new "users" for UNIX based 
>> on windows username and groups.
>>
>> What I can't figure out is how to explicitly map the AD users to their pre-
>> existing UNIX accounts. I'd like the users to be able to access their UNIX 
>> accounts with their UNIX authentication information /and/ their AD 
>> authentication information. I had hung my hat on the "username map" smb.conf 
>> directive, but I find now that it doesn't apply to winbindd.


See the idmap_nss backend in Samba 3.0.25.  But it is an all
or none.  You cannot have winbindd allocate a uid for some
users in a domain and use existing Unix accounts for others.

On older versions, see the "winbind trusted domains only" option.

I also have a pending username map plugin for winbindd that might
be available in 3.0.26.  it's still under discussion.




cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGMf2UIR7qMdg1EfYRAtZwAJ4j+I2HQ7TnpRu7q97DAF7ef5pcpwCZAR8I
X1cWVU7/PizwwkUf611twrs=
=ugk2
-----END PGP SIGNATURE-----


More information about the samba mailing list