[Samba] Re: Samba using AD as a directory server

Christoph Peus cp at uni-wh.de
Mon Dec 3 16:10:30 GMT 2007

Mark Campbell wrote:
> So I have idmap:rid working.  The problem is I can set only the same 
> shell for all users.  I was trying to find a way to store the shell in 
> AD.  I have found a couple references to ||RFC2307.  Can this be used 
> with AD and if so is there a good article on it somewhere?  (I looked 
> through the samba docs but didn't find anythings yet perhaps I am just 
> blind)

short form:

- do an upgrade to Windows Server 2003 R2 on the DCs
- set POSIX IDs in AD for all users und groups which you want to use 
with samba
- compile samba with kerberos support
- net ads join


     security = ADS
     realm = YOUR.DOMAIN
     idmap backend = ad
     winbind nss info = rfc2307

     winbind enum users = yes
     winbind enum groups = yes
     winbind use default domain = yes


passwd:      files winbind
shadow:      files
group:       files winbind


  default_realm = YOUR.DOMAIN

  kdc = xxx.xxx.xxx.xxx
  kdc = yyy.yyy.yyy.yyy

More information about the samba mailing list