[Samba] Samba and AD via ldap.

[Gabby Romano]

Hi All,

I am relatively new to samba but recently I have been working a lot with 
it in order to unite ID/GID on our unix clients.we have Active Directory 
DC and I would like to allow users to use their accounts when working on 
these clients (clearcase related).

I have started working with winbind and reached to a point when I Joined 
the domain,got details using wbinfo -u/-g and su <domain user> works fine.

Next stage was to be able to get same UID/GID on all clients,so after some 
reading I have installed  AD4Unix on the DC in order to extend the AD 
schema to hold unix accounts details,and planned to use ldap to reach it 
from the clients.so far so good.

My problem is that I could not get the samba/pam.d/nsswitch/kerb5 
configuration to work with ldap.I am not able to su to a <domain user> as 
it is not recognized by the machine now, so I can't even check if the ID's 
are correct.

I was wondering if someone could help me with going from a clean working 
winbind env to a working ldap one. what are the changes necessary to make 
it work correctly ? from reading some of mails in the list I understand 
that many of you already have done it before.

I addition, which version of samba best support it ? 20 and later ?

Thanks,

Gabby.